Wednesday, December 10, 2025
Pixel tracking can significantly increase data breach risk on hospital websites

Researchers find that tracking pixels—small pieces of embedded code that can transmit user data to third parties—significantly increase data breach risk on hospital websites.

Digital tracking technologies have revolutionized online engagement, enabling organizations to collect user behavior data to enhance marketing and operational efficiencies. For instance, tracking pixels—small pieces of embedded code that transmit user data to external vendors—are widely used across industries. While broadly accepted in e-commerce and social media, their integration into the healthcare sector introduces unique ethical, security, and regulatory concerns. Yet, their implications for patient privacy and hospital cybersecurity remain largely unexplored.

Hilal Atasoy and colleagues analyzed 12 years of archived website data from 1,201 large U.S. hospitals between 2012 and 2023, examining the adoption of pixel tracking and their relationship to data breaches. The findings are published in the journal PNAS Nexus.

The authors found pixel tracking in 66% of hospital-year observations, despite stringent privacy regulations. Hospitals using third-party pixels experienced at least a 1.4 percentage point increase in breach probability, representing a 46% relative increase compared to the 3% baseline breach rate.

Third-party pixels, which transmit patient data to vendors like Meta and Google, significantly increased breach risk, while first-party pixels that keep data within the hospital showed no significant relationship with breaches. Physical breaches caused by misplaced documents or devices showed no relationship with pixel use, supporting the digital transmission mechanism.

According to the authors, the findings reveal a critical regulatory gap in health care privacy protections, as tracking pixels operate outside traditional Health Insurance Portability and Accountability Act safeguards. The authors recommend hospitals strengthen data governance policies to protect patient information.

Background: pixel tracking in healthcare

HIPAA was enacted in 1996 to protect patients' PHI, setting national standards for privacy and security in healthcare. The law applies to healthcare providers and their business associates, requiring safeguards to prevent unauthorized data access. The privacy rule mandates patient consent before PHI is disclosed, while the security rule enforces technical protections. However, these regulations were designed for traditional healthcare IT systems and do not explicitly account for third-party digital tracking technologies.

Recent concerns have emerged regarding tracking pixels, small embedded code snippets that collect user behavior data and transmit it to external vendors. Unlike cookies, which store data locally and can be deleted by users, pixels operate server-side, making them harder to detect and block. As third-party cookies are increasingly phased out due to privacy concerns, pixels have become a dominant tracking tool for measuring user engagement and targeting advertisements (14). Many hospitals use tracking pixels for marketing and website analytics, but these tools can inadvertently share PHI—such as IP addresses, appointment requests, and browsing behavior—with third-party platforms like Meta and Google.
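The first-party versus third-party distinction above is something a hospital web team can check for itself. The following is an added example, not code from the paper or the article: it parses a page's HTML with the Python standard library, separates resources loaded from the hospital's own domain from those loaded from outside hosts, records the query parameters each outside request would carry, and flags pages whose URL path names a sensitive context. The sample page, the hospital hostname and the pixel/tag IDs are constructed placeholders; the tag patterns follow the common shapes of the Meta pixel and the Google tag loader.

```python
"""Classify embedded trackers on a hospital web page as first- or third-party.

Added example (not from the PNAS Nexus paper or the article): scans page HTML
for <img> and <script> tags that load remote resources and groups each by
whether its host belongs to the hospital's own domain. Sample page, hospital
hostname and IDs below are constructed placeholders.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Constructed sample: an appointment page with one first-party pixel and two
# third-party tags (shapes typical of the Meta pixel and the Google tag loader).
SAMPLE_HTML = """
<html><body>
<h1>Request an appointment - Oncology</h1>
<img src="/analytics/pixel.gif?page=appointment" width="1" height="1">
<script src="https://connect.facebook.net/en_US/fbevents.js"></script>
<img src="https://www.facebook.com/tr?id=PLACEHOLDER_PIXEL_ID&ev=PageView&noscript=1" height="1" width="1">
<script src="https://www.googletagmanager.com/gtag/js?id=PLACEHOLDER_TAG_ID"></script>
</body></html>
"""

# Placeholder hospital URL (assumption for the demo).
PAGE_URL = "https://www.example-hospital.test/appointments/oncology"


def registrable_domain(host: str) -> str:
    """Crude last-two-labels approximation (no public-suffix list); enough for the demo."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


class TrackerCollector(HTMLParser):
    """Collects the src attribute of every <img> and <script> tag."""

    def __init__(self) -> None:
        super().__init__()
        self.sources: list[tuple[str, str]] = []

    def handle_starttag(self, tag, attrs):
        if tag in ("img", "script"):
            src = dict(attrs).get("src")
            if src:
                self.sources.append((tag, src))


def classify_trackers(html: str, page_url: str) -> dict:
    """Return {"first_party": [...], "third_party": [...]} for the page's resources.

    A resource is first-party when it is relative or its registrable domain matches
    the page's; otherwise third-party. Third-party entries also carry the query
    parameters the browser would send, since that request is the channel through
    which page context leaves the hospital.
    """
    page_domain = registrable_domain(urlsplit(page_url).hostname or "")
    parser = TrackerCollector()
    parser.feed(html)
    result = {"first_party": [], "third_party": []}
    for tag, src in parser.sources:
        parts = urlsplit(src)
        host = parts.hostname
        if not host or registrable_domain(host) == page_domain:
            result["first_party"].append({"tag": tag, "url": src})
        else:
            result["third_party"].append({
                "tag": tag,
                "url": src,
                "host": host,
                "params": {k: v[0] for k, v in parse_qs(parts.query).items()},
            })
    return result


def page_leaks_sensitive_context(page_url: str, report: dict,
                                 keywords=("appointment", "oncology", "patient")) -> bool:
    """True when a third-party tracker fires from a URL whose path contains a sensitive
    keyword: by default (subject to Referrer-Policy) the browser sends that path as the
    Referer of the tracker request, so the page context reaches the vendor."""
    path = urlsplit(page_url).path.lower()
    return bool(report["third_party"]) and any(k in path for k in keywords)


if __name__ == "__main__":
    report = classify_trackers(SAMPLE_HTML, PAGE_URL)
    for entry in report["third_party"]:
        print(f"third-party {entry['tag']}: {entry['host']} params={entry['params']}")
    print("first-party:", [e["url"] for e in report["first_party"]])
    print("sensitive page with third-party trackers:",
          page_leaks_sensitive_context(PAGE_URL, report))
```

Run against a crawl of the hospital's own pages, the third-party list is the inventory to reconcile against business-associate agreements and the HHS bulletin; the first-party list is the set that, per the paper's finding, showed no relationship with breaches. The domain check is deliberately simple; a production scanner would use the public-suffix list and also inspect inline scripts and dynamically injected tags.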

Regulatory agencies have taken notice. The US Department of Health and Human Services (HHS) issued a bulletin in December 2022 clarifying that IP addresses linked to hospital webpages could be considered PHI, raising questions about HIPAA compliance (15). In 2023, HHS and the Federal Trade Commission (FTC) sent warning letters to 130 healthcare providers stating that their tracking pixels could compromise sensitive patient data (16). HIPAA mandates that hospitals remain responsible for breaches of PHI, regardless of whether the data loss occurs within their own IT systems or through third-party tracking tools. HHS has explicitly stated that hospitals transmitting PHI via pixels without safeguards may be subject to breach reporting requirements.

Real-world evidence confirms these risks: Community Health Network (CHN) disclosed in 2023 that a data breach affecting ∼1.5 million patients was directly linked to third-party tracking pixels transmitting PHI (17). In another case, Advocate Aurora Health reported a 3-million-patient breach in 2022, citing tracking pixels embedded on their website as the mechanism for unauthorized PHI disclosure to third parties such as Meta (18). Both hospitals reported these breaches under HIPAA, reinforcing that hospitals bear responsibility for data disclosures caused by tracking technologies.

Despite recent HHS guidance, legal challenges (e.g., a 2024 American Hospital Association lawsuit against HHS over its guidance) have created uncertainty about how HIPAA applies to pixel tracking. Beyond regulatory concerns, tracking pixels pose cybersecurity risks by increasing hospitals' exposure to third-party data breaches. Once patient data are transmitted to external vendors, hospitals have limited oversight of how they are stored or shared, leaving them vulnerable to security lapses in third-party systems. Cross-site tracking further heightens these risks, as third-party vendors can aggregate data from multiple websites, making it possible to reconstruct behavioral patterns and infer sensitive health details. Even when hospitals attempt to de-identify patient data, advanced tracking methods can re-identify individuals. These risks emphasize the need for stronger governance mechanisms to ensure that tracking technologies do not inadvertently expose patient data. As the debate over digital privacy intensifies, healthcare organizations must carefully weigh the benefits of online engagement against the potential risks to patient confidentiality and regulatory compliance. To empirically assess these risks, we next analyze hospitals' pixel use and its relationship with data breaches.

Provided by PNAS Nexus