Many cases of healthcare cybersecurity data breaches have come to light in recent times.
In the name of online service marketing, healthcare organizations are revealing patients’ sensitive data.
The US health industry has taken some serious steps to tackle this healthcare cybersecurity problem.
Let’s dig into it!
Understanding the Data Privacy Crackdown in the Health Industry
According to MediaRadar, an ad industry intelligence platform, telemedicine firms had spent a quarter promoting their services via Google and Facebook ads in the first three months of 2023.
The same thing happened last year.
Moreover, MediaRadar's data also shed light on nonprofit health systems that had reduced their targeted ad spending during this period every year.
This has become a rising trend in the country.
Americans who use any of the following services are unaware that these services capture detailed information and later use it for advertising and marketing:
- Telehealth platforms
- Hospital websites
- Mental health platforms
Health Industry Measures for Protecting Patient Information
The Federal Trade Commission reached a $1.5 million settlement with GoodRx Holdings Inc. in February because the company had shared its customers' data with Facebook, Google, and some other firms.
With this, the FTC showed everyone that it is acting on the promise it made in 2021:
“We promise to bring actions to enforce the Breach Notification Rule.”
The Health Breach Notification Rule (HBNR) requires vendors of personal health records (PHRs) that are not covered by HIPAA to notify the FTC and consumers about any breach of unsecured, identifiable health data.
It’s a game-changing upheaval for healthcare cybersecurity issues.
The FTC has started fining telehealth companies that violate their customers’ privacy in an attempt to stop them from doing it again in the future.
The director of the HHS Office for Civil Rights stated that her staff has launched its own investigation, describing online health data collection as “problematic” and “widespread.”
The agency had recently updated its health data privacy protections.
The aim behind the update was to prevent insurers and providers from releasing information about any patient seeking or obtaining a legal abortion.
Having understood the regulatory landscape, firms have started to cut ties with tech giants like Facebook and Google.
Though patients might have difficulty finding healthcare services online, this is good news for them as it offers more privacy.
The health industry has gone a step ahead and introduced some surprising news for tackling healthcare data breach issues.
How the US Government Overcame the HIPAA Limitations
It was believed that HIPAA, the federal health privacy law, covers only the patient data collected by hospitals or doctors.
The data consumers leave online was used to market healthcare services and products.
It had become a key mechanism for getting more customers.
HHS’ Office for Civil Rights surprised healthcare providers and insurers by issuing a bulletin in December.
The bulletin expanded the definition of personally identifiable health information and restricted the use of some marketing technology.
“We’re seeing people go in and type symptoms, put in information, and that information is being disclosed in a way that’s inconsistent with HIPAA and being used to potentially track people, and that is a problem,” said HHS Office for Civil Rights Director Melanie Fontes Rainer at the International Association of Privacy Professionals’ summit in Washington this month.
This declaration strengthened the regulations for protecting patient information and preventing any healthcare data breach.
Last month, the FTC fined BetterHelp $7.8 million.
BetterHelp is an online therapy platform owned by Teladoc. It was charged with sharing patients’ health data for advertising purposes with companies like Snapchat and Facebook.
The director of the FTC’s Bureau of Consumer Protection, Samuel Levine, stated that:
“Firms that think they can cash in on consumers’ health data because HIPAA doesn’t apply should think again. Our recent actions against GoodRx and BetterHelp make clear that we are prepared to use every tool to protect Americans’ health privacy, and hold accountable those who abuse it.”
The FTC required both firms to stop sharing customer information and to change their data protection practices. The firms complied but denied any wrongdoing on their end.
GoodRx stated that “we had used vendor technologies to advertise in a way that we believe was compliant with all applicable regulations and that remains a common practice among many health, consumer, and government websites.”
BetterHelp, meanwhile, mentioned that it was accused of utilizing “limited, encrypted information to optimize the effectiveness of our advertising campaigns so we could deliver more relevant ads and reach people who may be interested in our services.”
The company wanted to convey that this practice is used routinely by the healthcare industry.
Every healthcare entity, ranging from major hospitals to online telehealth providers, is taking precautionary steps and checking everything and anything that looks like a marketing operation.
They are pulling back such information and waiting for more guidance from the HHS department.
Ensure the compliance of your health tech with us!
Using the HBNR, the FTC is sending a warning about enforcement against widely used marketing practices involving PHI by digital health companies.
It has become mandatory for every healthcare entity to check the compliance of its healthcare IT to ensure that it is safe from any type of healthcare data breach.
We are an Ontario-based healthcare-focused IT company.
Being in the healthcare industry for 8+ years, we understand the importance of secure healthcare IT solutions.