– mentions Google Analytics and Meta Pixel by name..
“Regulated entities are not permitted to use tracking technologies in a manner that would result in impermissible disclosures of PHI to tracking technology vendors or any other violations of the HIPAA Rules.”
This Bulletin provides a general overview of how the HIPAA Rules apply to regulated entities’ use of tracking technologies. This Bulletin addresses:
- What is a tracking technology?
- How do the HIPAA Rules apply to regulated entities’ use of tracking technologies?
- Tracking on user-authenticated webpages
- Tracking on unauthenticated webpages
- Tracking within mobile apps
- HIPAA compliance obligations for regulated entities when using tracking technologies
https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/hipaa-online-tracking/index.html