Tracking Health Information Using Online Technologies: New OCR Guidance, HIPAA Obligations for Regulated Entities

Course Details
- smart_display Format
On-Demand
- signal_cellular_alt Difficulty Level
- work Practice Area
Health
- event Date
Wednesday, March 1, 2023
- schedule Time
1:00 p.m. ET./10:00 a.m. PT
- timer Program Length
90 minutes
-
This 90-minute webinar is eligible in most states for 1.5 CLE credits.
This CLE webinar will guide healthcare counsel on the use of tracking technologies by covered entities (CE) and business associates (BA). The panel will discuss the new U.S. Dept. of Health and Human Services Office for Civil Rights (OCR) guidance and the impact on how CEs and BAs use tracking technologies. The panel will offer best practices for healthcare entities in light of the guidance and to ensure HIPAA compliance.
Faculty

Mr. Blaney’s practice focuses on regulatory compliance, enforcement, litigation and transactions in the areas of data privacy, cybersecurity, healthcare, and emerging technologies. He advises private equity, asset managers, healthcare, life sciences, retail and technology clients on privacy and cybersecurity compliance, cybersecurity incidents and government investigations, including acting as lead counsel in defending clients in regulatory investigations by HHS-OCR, DOJ, FTC, FCC and State Attorneys General. Mr. Blaney counsels clients on federal, state, and international privacy and security laws including California Consumer Privacy Act, EU GDPR, and HIPAA, among others. He has expertise counseling clients on emerging artificial intelligence, digital health, healthcare fraud and abuse, third-party reimbursement and FDA regulatory matters. He also has substantial experience in defending healthcare clients in False Claims Act qui tam matters and has obtained several declinations and dismissals

Ms. Brennan focuses her practice on matters relating to intellectual property, information technology, software licensing and procurement, advertising technologies and digital marketing solutions, data privacy and security, and data breach and incident response. She advises clients on a variety of data governance regulations, including GDPR, HIPAA, and state laws governing personally identifiable information, such as CCPA. She also counsels clients on compliance with various information security standards, including HIPAA/HITECH, NIST, and ISO, and represents clients in responding to information security incidents.
Prior to joining Taft, Ms. Brennan was an associate at the largest health care-focused law firm in the country and focused her practice on information privacy and security as well as emerging technologies in health care, such as telemedicine, medical apps, and artificial intelligence. She holds the Certified Information Systems Security Professional (CISSP) certification and has presented and written extensively on the topics of cybersecurity and third-party risk management.

Mr. Swearingen has practiced in the area of health information privacy and security for over 20 years, with particular focus on HIPAA compliance, data breach response, government investigations, HIPAA audits and 42 C.F.R. Part 2. Since the HIPAA Breach Notification Rule was issued in 2009, he has handled a substantial number of healthcare data breaches, including cases involving ransomware, email phishing, lost/stolen devices, insider threats and medical devices. Mr. Swearingen regularly guides clients through government investigations of privacy and security incidents and has successfully negotiated resolutions and settlements with both federal and state agencies. He also advises clients on issues relating to emerging technologies, such as telemedicine, medical apps and artificial intelligence. He has worked with a broad spectrum of organizations, including health systems, hospitals, physician practices, health plans, governments, technology companies and business associates. Mr. Swearingen speaks and writes frequently, both regionally and nationally, on healthcare privacy and security matters.
Description
OCR issued guidance on the use of tracking technologies by CEs and BAs. The guidance highlights the HIPAA privacy and security obligations when CEs and BAs use online tracking technologies. An IP address is both an identifier and an individually identifiable health information when collected on a healthcare entity's website.
HIPAA applies when tracking technologies collect the email or IP address when the individual visits a CE's webpage to schedule appointments with his/her provider. OCR notes that this may apply when the website addresses specific symptoms or health conditions.
CEs should review and evaluate their relationships with tracking technology vendors to determine whether any data disclosed is protected health information (PHI) and whether the vendor is a BA. CEs also need to ensure HIPAA compliance regarding its disclosures with the vendors.
Listen as our authoritative panel of healthcare attorneys examines how the guidance impacts how CEs and BAs use tracking technologies and evaluate such usage considering the significant regulatory and litigation activity against CEs and BAs regarding their use of this technology. The panel will also offer best practices for healthcare entities in light of the guidance and to ensure HIPAA compliance.
Outline
- New OCR guidance
- Tracking technologies
- Usage considering regulatory activity
- Usage in light of litigation against CEs and BAs
- Best practices for complying with new guidance
Benefits
The panel will review these and other high risk issues:
- How does the OCR guidance define tracking technologies and when are they permitted and not permitted?
- What constitutes PHI for tracking purposes?
- What steps should CEs and BAs take to ensure HIPAA compliance?
Unlimited access to premium CLE courses:
- Annual access
- Available live and on-demand
- Best for attorneys and legal professionals
Unlimited access to premium CPE courses.:
- Annual access
- Available live and on-demand
- Best for CPAs and tax professionals
Unlimited access to premium CLE, CPE, Professional Skills and Practice-Ready courses.:
- Annual access
- Available live and on-demand
- Best for legal, accounting, and tax professionals
Related Courses

Antitrust Compliance and Clinical Integration: Recent Developments, FTC and DOJ Scrutiny
Friday, May 16, 2025
1:00 PM E.T.

Dental Practice Mergers, Acquisitions, Divestitures, and Affiliations
Monday, May 19, 2025
1:00 p.m. ET./10:00 a.m. PT

New Immigration Initiatives Impacting Healthcare: Patient and Employee Obligations, Compliance Strategies
Thursday, April 24, 2025
1:00 p.m. ET./10:00 a.m. PT
Recommended Resources
Navigating Modern Legal Challenges: A Comprehensive Guide
- Business & Professional Skills
- Career Advancement