Written and medically reviewed by Dorcas Morak, Pharm.DThe Protected Health Information (PHI) breach at the BayCare Clinic was due to the use of tracking pixels by their partner company - Advocate Aurora Health. On January 25, 2023, the BayCare Clinic started informing 134,000 patients of a data breach that exposed their protected health information.
What are tracking pixels?
Tracking pixels, also known as web beacons, are small, invisible images or code snippets embedded within websites, emails, or other digital content. When a user loads a web page or opens an email that contains a tracking pixel, the pixel is triggered and sends information back to the server, allowing the sender to track various user activities.
This information can include data such as the user's IP address, browser type, and device type, as well as how long the user spent on the website, which pages they viewed, and whether they clicked on any links. This data can be used for various purposes, including website analytics, targeted advertising, and email marketing campaigns.
While tracking pixels can be useful for businesses to gather data on user behavior, they can also be a privacy concern for users who may not be aware that they are being tracked. As a result, many websites and email providers give users the option to opt-out of tracking or use ad-blocking software to prevent tracking pixels from loading.
What are the benefits of tracking pixels?
The utilization of pixels presents an immense opportunity for enhancing targeted marketing initiatives and augmenting a company's comprehension of its customers through the data collected from their website.
Some specific benefits of tracking pixels include:
1. Improved website optimization: Tracking pixels can be used to collect data on website traffic, which can help businesses understand user behavior and optimize their website accordingly. For example, tracking pixels can show which pages are most popular, how long users stay on a page, and which links are clicked the most.
2. Enhanced marketing strategies: Tracking pixels allow marketers to track the success of their marketing campaigns in real-time. By measuring the number of clicks, conversions, and other metrics, marketers can adjust their strategies to improve performance and ROI.
3. Personalized content: By tracking user behavior, businesses can personalize content for their users. For example, tracking pixels can show which products a user has viewed or purchased, and businesses can use this data to suggest similar products or promotions.
4. Improved email marketing: Tracking pixels can be used in email marketing campaigns to track when an email is opened, and which links are clicked. This information can help marketers optimize their email campaigns for better engagement and conversions.
5. Audience segmentation: Tracking pixels can help businesses segment their audience based on user behavior. This allows businesses to create targeted marketing campaigns that are more likely to convert.
The Meta pixel, which has been the subject of extensive litigation and regulatory scrutiny lately, is designed to monitor and gather user data before sharing it with Facebook and Instagram. This allows for the delivery of personalized digital ads to the user's profiles with great accuracy.
Why does Advocate Aurora use tracking pixels?
Advocate Aurora Health uses pixels to measure and assess information about patient trends and preferences as they use their websites and applications.
How does the use of pixels expose PHI?
Tracking pixels on Advocate Aurora Health's website transmits user data to Meta, Google, and other companies, leading to a targeted advertisement on the patients. While some hospitals only put pixels on their forward-facing public website, others do the same on their patient portals. The problem is that Protected Health Information (PHI) may be sent to third parties without patient permission. The breach is more problematic if PHI collects data from the patient portal. Even unintentional breaches of PHI can result in serious legal trouble under HIPAA, state law, and common law torts.
What are the potential liabilities of using pixels?
While many companies tend to emphasize the benefits of pixels, they often undermine the potential risks associated with them. It is crucial to carefully consider these risks, as highlighted by a warning from The Markup in June 2022. The report revealed that 33 of the top 100 hospitals were using pixels on their websites, which has led to over 30 class action lawsuits alleging the sharing of PHI without patient consent, based on various state statutory, contract, and tort claims. The courts are now taking a strong stance against such practices, particularly concerning the sharing of PHI for targeted advertising. Furthermore, regulators are becoming increasingly concerned about privacy practices and data handling in the context of advanced technology, and there is a possibility of regulatory scrutiny.
What type of patient data is exposed by tracking pixels?
To learn more about the patient data that was sent to the third party, Advocate Aurora Health disabled the pixels and started an internal inquiry. The affected data may have included IP addresses, appointment dates, times, or locations, proximity to a practice site, provider information, and other PHI that might have been in the patient portal.
How can I protect myself from online tracking?
You can protect yourself from online monitoring by blocking or deleting cookies and using browsers that enable privacy-protecting features like incognito mode.
Am I at risk of a PHI breach by using an rxless coupon?