Does the Use of Geofencing Technology Violate the HIPAA Rules?

by

Geofencing technology creates an electronic fence surrounding a specific location or area online. Going into that invisible boundary triggers the sending of push notifications to the person’s mobile phone. Retailers began using this geofencing technology some time back. Google is likewise using it to alert users based upon location. A digital marketing firm is helping a law firm get leads utilizing this modern technology. A geofence is set up in healthcare establishments, the emergency rooms particularly. Any person who goes in the ER is going to get a push notification on his mobile phone regarding legal services. Is this a breach of the HIPAA rules?

As per NPR, Tell All Digital is a marketing and advertising company in New York which is providing this service. Numerous law offices want to test this marketing strategy. With geofencing, law offices could target people in an emergency room who probably experienced a personal injury. Advertisements regarding personal injury claim services are offered to the patients up to 30 days after going to the ER. Although just a small percentage of patients are going to have a legitimate claim, it is nevertheless a good way to look for a potential client.

This is a really inventive way to get clients however it is usually considered as an invasion of personal privacy. Does it suggest that lawyers are violating HIPAA? Healthcare companies, health plans, healthcare clearinghouses and business associates of covered entities need to follow the HIPAA rules.  Lawyers are not part of any of these therefore, the HIPAA rules probably don’t affect them. They are also not accessing protected health information (PHI). The data received is just the fact that the individual went into a medical facility or the ER.

In such cases, there is no obvious breach of HIPAA rules. However state laws or even federal laws may be violated. NPR pointed out an incident when Copley Advertising used geofences in methadone clinics and reproductive health centers. Adverts such as ‘Pregnancy Help’ and ‘You Are Not Alone’ were directed on women visiting the facilities for customers like adoption institutions and Christian groups offering pregnancy counseling.

Massachusetts’ attorney general Maura Healey went after a case versus the advertising agency for breaking state consumer protection regulations. Copley was forbidden to employ geofencing technology within the state of Massachusetts and in healthcare facilities to infer health conditions or medical status of individuals. Apparently, what Copley did is considered as digital harassment.

Whether or not the practice of employing geofencing is breaking state laws, eventually government bodies would need to step in particularly when it will involve healthcare facilities. The HHS probably doesn’t deal with this issue directly, however the state or Federal Trade Commission could take care of it. When no action is undertaken, the popularity of this technology will keep on growing.

James Keogh

James Keogh has been writing about the healthcare sector in the United States for several years and is currently the editor of HIPAAnswers. He has a particular interest in HIPAA and the intersection of healthcare privacy and information technology. He has developed specialized knowledge in HIPAA-related issues, including compliance, patient privacy, and data breaches. You can follow James on Twitter https://x.com/JamesKeoghHIPAA and contact James on LinkedIn https://www.linkedin.com/in/james-keogh-89023681 or email directly at [email protected]