HealthLaw HotSpot: How to Stay HIPAA Compliant When Using Health Care Analytics
Get the full intelligence
Search transcripts, export clips, track mentions, and explore all topics from “HealthLaw HotSpot: How to Stay HIPAA Compliant When Using Health Care Analytics” inside PodZeus.
In this episode of HealthLaw HotSpot, Erica Adler and Christina Kuda from Retzel & Andres explore the legal implications of using healthcare analytics, particularly focusing on HIPAA compliance. They explain how healthcare practices unintentionally collect personal data through websites, marketing emails, and digital communications—data that can become Protected Health Information (PHI) under HIPAA if linked to health-related details. The hosts emphasize that simply obtaining consent for marketing does not authorize sharing tracking data with third-party vendors. Instead, specific HIPAA-compliant authorization or a valid Business Associate Agreement (BAA) is required. They caution that even with a BAA, practices must conduct due diligence on vendors’ data security practices, certifications, and insurance coverage to avoid liability. The episode concludes with practical advice: audit your data collection practices, ask vendors detailed questions about tracking and storage, and consult the U.S. Department of Health and Human Services' guidance on online tracking technology.
Tracking data from marketing emails or websites can constitute PHI under HIPAA if linked to health information.
Consent for marketing is not sufficient for sharing analytics data with third parties—specific HIPAA authorization is required.
Third parties can only access PHI via a valid Business Associate Agreement (BAA) and must meet strict security standards.
Due diligence is essential when selecting vendors: verify their data storage, security protocols, and HIPAA certifications.
The HHS guidance 'Use of Online Tracking Technology' offers a valuable starting point for understanding HIPAA risks in digital analytics.
Introduction to Healthcare Analytics and HIPAA
Erica Adler introduces the topic of healthcare analytics and its legal implications, setting the stage for a discussion on how practices unintentionally collect personal data through digital channels.
What Constitutes HIPAA-Protected Analytics Data?
The hosts define analytics broadly as any electronic data collected from patient interactions, including website traffic and email engagement, and explain how such data can become PHI when linked to health information.
Common Pitfalls: Sharing Analytics with Third Parties
“Tracking that information and giving it to a third party can only be done if it's in a HIPAA compliant manner.”
How to Legally Share Data: Authorization and BAAs
“You need to ask questions. You need to find out what sort of electronic health platforms they use, how they're storing data...”
Vendor Due Diligence and Risk Mitigation
“Just because they sign a business associate agreement with you doesn't really mean they're meeting the standards.”
“Tracking that information and giving it to a third party can only be done if it's in a HIPAA compliant manner.”
“Just because they sign a business associate agreement with you doesn't really mean they're meeting the standards.”
“Consent to receive marketing information is not enough. It has to be a specific authorization of the specific information to that specific vendor.”
Hosts
HIPAA
other
Christina Kuda
person
PHI
other
Erica Adler
person
Business Associate
other
Covered Entity
other
Retzel & Andres
organization
Use of Online Tracking Technology
other
Department of Human Services
organization
What's My Tagline?: HIMSS26 with Amber Parmentier and Shahid Shah
Healthcare NOW Radio Podcast Network - Discussions on healthcare including technology, innovation, policy, data security, telehealth and more. Visit HealthcareNOWRadio.com • 26m • 4/1/2026
The Dish: HIMSS26 Recap: What You Need to Know
Healthcare NOW Radio Podcast Network - Discussions on healthcare including technology, innovation, policy, data security, telehealth and more. Visit HealthcareNOWRadio.com • 46m • 4/2/2026
Digital Health Talks: From Bedside to the Build When A Nurse Turned IT Leader
Healthcare NOW Radio Podcast Network - Discussions on healthcare including technology, innovation, policy, data security, telehealth and more. Visit HealthcareNOWRadio.com • 28m • 4/3/2026
The Tate Chronicles: HIMSS26 with Dr. Holly Miller and Paul Wilder
Healthcare NOW Radio Podcast Network - Discussions on healthcare including technology, innovation, policy, data security, telehealth and more. Visit HealthcareNOWRadio.com • 25m • 4/4/2026
This Just In Radio: ViVE 2026 with Nick Patel, MD and Ashwini Davison, MD, FACP, FAMIA
Healthcare NOW Radio Podcast Network - Discussions on healthcare including technology, innovation, policy, data security, telehealth and more. Visit HealthcareNOWRadio.com • 24m • 4/4/2026
Get the full intelligence
Search transcripts, export clips, track mentions, and explore all topics from “HealthLaw HotSpot: How to Stay HIPAA Compliant When Using Health Care Analytics” inside PodZeus.
Start discovering podcast insights today
Start with a 7-day trial and explore a growing catalog of popular podcasts. No credit card required.
No credit card required • 7-day trial • Cancel anytime