Corvus warns the healthcare sector against tracking pixels

The risks of using pixel technology should make companies think twice, especially with the insurance liabilities privacy breaches can create, according to Corvus, a provider of insurance data and technology services.

Pixel technology is a way for websites to track user activity that captures all user activity, other than the underlying website itself. Facebook’s father, meta, and The Google They were sued for privacy violations last year over their use of the Pixel.

Lauren Winchester, senior vice president of risk and response Corvus Insurance. “The first claims of tracking pixels are starting to make their way to insurers. As with all coverage decisions, it’s a matter of policy language. We’ll know in a nutshell how the market approaches that.”

The companies’ cyber policies cover class actions and individual lawsuits, as well as legal representation in response to regulatory actions for privacy violations. The key is whether they are formulated solely to cover data breaches or deliberate actions that violate privacy, as when a company or site activates a pixel to track user activity.

“What we’ll see over the next couple of months is how insurance companies react to it and how brokers and customers react to it,” Winchester said.

Corvus provides scans of corporate public-facing web infrastructure to catch software vulnerabilities along with pixel tracking. By reviewing these scans, Corvus advises corporate leaders on how to assess their own privacy risks, to be proactive with Corvus document holders, according to Winchester.

The healthcare industry is particularly vulnerable to issues of breach of privacy or infringement due to the HIPAA law governing patient confidentiality. On December 1, the US Department of Health and Human Services issued guidelines Emphasize that health insurance companies, service providers and related entities can be subject to penalties To disclose HIPAA-protected information when pixel tracking is used.

The routing means “you need to evaluate which pages the pixels were used on and which data was sent,” Winchester said. “And assuming a breach occurs, if patient information is sent, if IP addresses are sent. That will force a lot of healthcare organizations to evaluate the privacy implications of using pixels.”

Corvus recommends that its healthcare industry policyholders stop using tracking pixels. “We think it’s clear that the cost will outweigh the benefits there. The attorney agrees with that approach as well,” Winchester said.

Companies or departments within companies may not realize that they are using pixel tracking, especially if their marketing department is using pixels. “Bring these sections together to have a conversation about usage and do a risk-benefit analysis to ask whether the benefits of using this tracking technology really outweigh the risks of liability,” Winchester said.

“For some industries, the answer is now yes,” she added. “In online retail, the ability to re-target ads and drive consumers to your website to make purchases. In some industries, it may not be worth it. The group doing cost-benefit analysis needs to be re-evaluated regularly due to the speed of the legal landscape changing. We also recommend updating privacy policies on websites to be more clear about the use of tracking technologies. If you are going to continue to use them, make sure you get the right kind of consent from those who visit your website.”