Navigating the digital health data maze of litigation
Beracah Stortvedt
Digital health saw a big boost in popularity due to the COVID-19 pandemic. People could visit their doctors online or on video calls and order prescriptions from their homes. Nearly four years later, the pull of digital health remains strong. However, data security has become a growing concern with the amount of personal information moving between patients and health care advisors over the internet.
Media representatives and federal bodies are closely judging how digital health companies handle their users' data. How will your digital health company handle the increased spotlight? Knowing the impacts of pixel tracking and growing litigation around the topic will be two of the biggest trends to watch.
Implications of pixel tracking
It's a method that almost every company uses on their websites or ads. Pixel tracking is tiny pieces of code businesses can use to track consumer user behavior. This data can be anything from page views to clicks. Tracking helps a business target ads to users likely to interact with or buy something based on what the pixel tracker captures. While companies are aware of these codes, the user usually isn't.
Typically, pixel tracking does not necessarily intend to gather sensitive personal information. However, the Federal Trade Commission (FTC) notes this isn't always true. Sometimes, a person or company can edit the tracker's code to grab personal data. Even then, the code can accidentally capture vital data, which a company could later share or sell.
Data covered by the Health Insurance Portability and Accountability Act (HIPAA) can also be captured. This risk can create notable exposures for your company, especially as Business Associate Agreements are usually not in place with those third parties' advertising, marketing, and social media firms.
Knowing what and how your pixel trackers collect information is vital for your business. This tracking can open data privacy concerns, potentially exposing your company to litigation.
Litigation and regulatory action
Press members have had no issue sharing companies' missteps with personal data. Companies are also seeing class action privacy liability lawsuits and regulatory investigations come their way.
One primary watchdog is the FTC. As of May 2023, the regulatory agency proposed changes to its Health Breach Notification Rule. These new changes would require digital health vendors, such as health apps not covered by HIPAA, to notify consumers, the FTC, and the media of a breach of unsecured personal health information. To the FTC, this data can range from basic information like diagnoses and medications to insights collected by fitness trackers.
This year, the commission went to work on penalizing digital health companies. In February 2023, GoodRx Holdings Inc., a free service for finding prescription drug discounts, was fined $1.5 million for taking users' private health information without permission. The company was also sharing that data with Google and Facebook. The information included consumers' prescriptions, health conditions, and contact information.
Even consumers are taking companies to court if they feel their data is not protected. Meta Platforms, Inc. faced multiple class action lawsuits from people who said the company targeted ads based on the information Meta collected from code in various hospital websites. Whether it's the government or your customers, everyone is watching what your company does with the personal data it collects.
How Marsh McLennan Agency can help
Keeping track of your data collection methods is vital in protecting your digital health company. Still, every business is bound to face one obstacle or another. Have someone in your corner for help when those moments occur.
Don't just keep up with the changes in your industry; stay ahead. We'll help you craft insurance solutions that protect you in the shifting world of digital health. Our digital specialists can also advise you on the risks of pixel tracking and other digital trends.