(WNY News Now) – New York – New York Attorney General Letitia James has secured a $300,000 settlement from The NewYork-Presbyterian Hospital (NYP) for breaching federal privacy laws by disclosing the health information of website visitors.
New York Attorney General Letitia James announced that The New York-Presbyterian Hospital (NYP) has agreed to pay $300,000 in settlement for violating federal privacy laws by improperly disclosing the health information of individuals who visited their website. The investigation, conducted by the Office of the Attorney General (OAG), found that NYP used advertising tools on its website to collect and share private information with third-party tech companies when visitors searched for doctors or booked appointments, in violation of HIPAA.
NYP, which operates 10 hospitals in the New York City metropolitan area and receives over 2 million patient visits annually, utilized third-party tracking tools on its website between June 2016 and June 2022. These tools, using tracking pixels or tags, transmitted information back to third parties whenever a webpage loaded or a user took a specific action, such as conducting a search or booking an appointment. Third-party companies, in some instances, received sensitive health information, IP addresses, and URLs related to users’ searches.
The breach came to light in June 2022 when a journalist reported on the use of tracking tools on NYP websites and the potential exposure of sensitive health data. Subsequently, NYP disabled the tracking tools on its website, initiated a third-party forensic investigation to assess the extent of data release, and formally reported the incident in March 2023, acknowledging that it impacted over 54,000 people.
As part of the settlement, NYP has committed to adopting new policies and procedures to prevent the disclosure of protected health information through tracking tools. This includes maintaining appropriate internal policies, conducting regular audits and reviews of third-party tools, and instructing third parties to delete any protected health information they received.
Attorney General James emphasized the importance of safeguarding patients’ personal information, stating that hospitals and medical facilities must uphold high standards in protecting health data. The settlement aims to ensure NYP takes proactive measures to prevent future breaches and protects the privacy of individuals seeking medical assistance.
Leave a Reply