Healthcare organizations have been navigating a complex landscape following the HHS guidance on the use of online tracking technologies. This uncertainty has led to confusion among marketing, compliance, and legal teams regarding what is considered PHI (Protected Health Information) and how to properly handle data shared with non-HIPAA business associates.

In this FAQ, Doriann Cain, a Partner at Faegre Drinker, answers key questions to clarify these ambiguities. From defining what constitutes PHI to understanding the responsibilities of payer organizations in ensuring compliance with HIPAA regulations, this document provides expert insights on topics like ad platforms, keyword bidding, click IDs, and the potential legal liabilities involved.

• Identifies who is responsible for preventing the transmission of PHI to non-HIPAA business associates.
• Explains the risks of using ad platforms and how they handle healthcare-related data.
• Breaks down the AHA lawsuit challenging HHS guidance and its potential impact on your organization.
• Shares what steps payers should take while awaiting the lawsuit’s outcome.