On January 30, Brooks Rehabilitation (“Brooks”) in Florida disclosed that in December, they discovered tracking technology vendors that provide services to Brooks were able to view/access individually identifiable health information (IIHI) provided when a website user provided contact information or feedback via a Brooks website. The data transmitted could have included information such as name; phone number; email address; computer IP address; other information provided under the comment section; and Brooks sites visited while visiting their website.
While the vendors could view or access IIHI, Brooks was unable to determine what, if any, information was collected and used. As a result, Brooks is notifying everyone who logged into a Brooks website.
Brooks’ website notice does not disclose the total number of individuals who had identifiable information transmitted via these tracking pixels, but Brooks notified HHS that 1,554 patients were affected.