Fraud Management & Cybercrime , Governance & Risk Management , Privacy
Web Trackers Persist in Healthcare Despite Privacy Risks
Ian Cohen, CEO of Lokker, Discusses the Latest Online Tracking ConcernsWhile fewer healthcare websites appear to be using online trackers now than a year ago, nearly 1 in 3 firms are still using Meta Pixel and similar technologies despite warnings from regulators and a rise in civil class action litigation alleging privacy violations related to these tools, said Ian Cohen, CEO of Lokker.
Last year nearly 40% of healthcare sector websites examined by data privacy compliance firm Lokker appeared to be using trackers. That has dropped to about 33% of the websites this year, which indicates a 17.5% decline in web tracker usage, he said. The findings, published in a recent Lokker report, are based on research in which the firm analyzed 3,419 U.S. websites across four industries - healthcare, technology, financial services and retail businesses - as well as companies on the S&P 500.
"What I think is largely going on is that a lot of the companies - which includes hospitals and nonprofits - don't likely know that they have the Meta pixel on their sites," he said. "I don't believe that the Meta pixel that we're finding is there because of bad intention. I think it's more saying that it's very difficult to find all these technologies on your site," he said.
In any case, the use of these trackers on healthcare-related websites has drawn the ire of regulators and privacy advocates.
The Department of Health and Human Services' Office for Civil Rights and the Federal Trade Commission last year jointly sent letters to 130 hospitals and telehealth firms warning about the use of the trackers in websites, patient portals and mobile apps that collect and share individuals' sensitive information with third parties, including advertisers and marketers (see: Feds Warn Hospitals, Telehealth Firms About Web Tracker Use).
The FTC has issued several recent enforcement actions against telehealth firms involving the use of web trackers violating the FTC Act and potentially the FTC Health Breach Notification Rule, for which an update was finalized in late April (see: FTC Finalizes Health Breach Notification Rule Update).
HHS OCR has said it too is investigating such web tracker cases for potential HIPAA violations.
In the meantime, dozens of healthcare sector organizations are also facing proposed civil class action lawsuits involving their online trackers (see: NC Health System Agrees to Pay $6.6M in Web Tracking Case).
"These are really interesting tools that allow the product and marketing teams to optimize their websites by seeing, for example, if a consumer can go through a certain kind of form effectively," he said. But, "if you set these up incorrectly, you're tripping over wiretapping and other laws," he said.
In this audio interview with Information Security Media Group (see audio link below photo), Cohen also discussed:
- Web tracker considerations involving the Video Privacy Protection Act, which is 30 years old;
- Security risks stemming from the use of web trackers and similar online technology tools;
- Other key findings from Lokker's recent web tracking research.
Prior to founding Lokker, a provider of online data privacy and compliance solutions for enterprises, Cohen served as CEO for Credit.com and chief product officer for Experian, where he focused on consumer-permissioned data.