What is a web tracker?

Web trackers are scripts on websites that gather data about you as you browse. They may be placed by the website or come from an unfamiliar source.

Understanding web tracking

Web tracking refers to collecting and sharing information about an internet user's activities. This is done through web trackers, which are embedded in the code of websites we visit. These trackers serve the purpose of observing our online behavior and following us across the internet. They can be owned by website hosts, marketing companies, advertising agencies, or even governments. The data collected by these trackers can be used by the owners or sold to third parties in exchange for various services.

Purpose and types of web trackers

The type of data web trackers collect can vary depending on their purpose. However, they generally aim to gather as much information as possible. This can include email addresses, login credentials, payment details, search preferences, browsing duration, location, device type, and more. There are five main types of web trackers:

Tracking cookies

These are the most common type of web trackers and are used to collect user information. Cookies are small pieces of code that are stored on your browser when you visit a website. While some cookies are necessary for customizing your digital experience, others can be highly invasive, tracking your online activities even after you leave the website.

IP address tracking

Your IP address is a unique set of numbers that identifies your physical location. Many websites and organizations use IP address tracking to monitor devices connected to their networks and determine their visitors' origin. 

Web beacons

Web beacons are transparent graphic images that can be attached to websites and emails. They record your digital behavior and create a digital profile of your persona. When attached to emails, web beacons can also facilitate IP address tracking. These images are invisible to users, meaning your data could be exposed without your knowledge.

Browser fingerprint

Browser fingerprinting involves collecting unique data from your browser, such as device model, screen resolution, operating system, language, and browsing history. This creates a unique fingerprint that can be used to track your online activities whenever you open your browser.

Canvas fingerprint 

Initially used for website graphics and animations, canvas fingerprints are now used as a tracking method. It is a coding language that determines how your browser responds to graphical instructions. When combined with other tracking methods, canvas fingerprints can create an accurate profile of users.

Web trackers can be categorized as first-party or third-party trackers. First-party trackers are implemented directly by the website you visit. While some are harmless, malicious actors can exploit others to access sensitive information. On the other hand, third-party trackers are more intrusive. Advertising agencies use them to track your online activities across multiple websites.

Read also: Can cookies be used in a HIPAA compliant manner? 

The uses of web tracking

Web tracking serves various purposes:

Advertising

Targeted advertising is a primary source of revenue for many online businesses. Web tracking allows companies to tailor ads based on your interests and preferences. 

Analytics

Web analytics tools are used to monitor how users interact with websites. This data is then analyzed to gain insights into user behavior and preferences. These insights help website owners optimize their platforms for a better user experience.

E-commerce

E-commerce platforms use tracking tools to improve their sales strategies. These trackers record user credentials, preferences, and shopping habits to optimize the website and drive more sales. While web tracking can have legitimate uses, it can also be employed in more invasive and unethical ways.

Protecting your privacy from web trackers

While web tracking is pervasive, there are steps you can take to protect your privacy online. Here are a few tips:

• Use tracker blockers
• Switch to a private search engine
• Connect through a VPN
• Adjust browser settings
• Regularly clear your cookies
  
  

In the news

On March 18, 2024, the Department of Health and Human Services' Office for Civil Rights (OCR) updated its guidance for entities covered by HIPAA regarding online tracking technologies. This update came in response to criticism and legal challenges, including a lawsuit filed by the American Hospital Association (AHA) and other healthcare organizations in November of the previous year. 

The release of the OCR guidance on the use of online tracking technologies matters because it directly impacts how HIPAA-covered entities, including hospitals and health systems, manage and protect patient information in the digital age. The guidance tries to ensure that tracking technologies, such as cookies, pixels, and mobile app trackers, do not lead to unauthorized disclosures of PHI, which could harm patient privacy and confidentiality. 

Read more: OCR updates guidance on online tracking for HIPAA entities

FAQs

Can hospitals use Google Analytics?

The Health and Human Services (HHS) has updated its guidance on online tracking. It makes clear that, in its basic configuration, you cannot have Google Analytics anywhere on your site that could expose both PHI and individual identifiers.

Is an IP address a HIPAA identifier?

In the context of tracking technologies on healthcare websites and mobile apps, IP addresses, and other IIHI may be considered PHI under HIPAA regulations.

Is geolocation a PHI?

Information such as an individual's medical record number, IP address, appointment dates, or geographic location is considered PHI under HIPAA if it relates to the individual's past, present, or future physical or mental health or condition, provision of healthcare, or payment for care.

What are online tracking technologies?

Online tracking technologies include cookies, web beacons, tracking pixels, and mobile app trackers used to collect and analyze how users interact with websites and applications, potentially including the collection of PHI.

See also: HIPAA Compliant Email: The Definitive Guide 

Related: What is a VPN and should you use one?