Are Law Firms Violating HIPAA When Using Geofencing Technology to Target Patients in ER Rooms?


Geofencing is a technology that creates a digital fence around a particular location or space online allowing individuals to be identified when they pass through that invisible boundary. Push notifications can then be sent to the user’s mobile phone based on their location data. Retailers started using this technology some time ago. Google is also using it to send notifications to users based on their location. Now, a digital marketing company is offering attorneys a service using this technology. A geofence is set up around healthcare facilities; emergency rooms in particular. Anyone who enters the ER can be sent a push notification on their mobile phone offering legal assistance.

According NPR, Tell All Digital, a marketing firm in New York, has started offering this service. Many law firms are eager to try this marketing tactic. With geofencing, law firms can target individuals in an emergency room who are likely to have suffered an injury. Ads offering personal injury claim assistance are sent to the patients, which could be received up to one month after visiting the ER. Though only a small percentage of patients will have a valid claim, this tactic could be effective.

This is a very innovative way to find clients but it could be viewed as an invasion of privacy, but does it constitute a HIPAA violation? HIPAA rules cover healthcare providers, healthcare clearinghouses, health plans and business associates of covered entities.  Attorneys may be business associates of covered entities, but not in this case. HIPAA covered entities are not providing protected health information (PHI) and are likely to be unaware that their patients are being targeted.

Consequently, there appears to be no violation of HIPAA Rules, but state and other federal laws might be violated. NPR mentioned a case where Copley Advertising set up geofences in reproductive health centers and methadone clinics. Ads like ‘Pregnancy Help’ and ‘You Are Not Alone’ were sent to women who visited the facilities. In that case the clients were adoption agencies and Christian pregnancy counseling services.

Maura Healey, the Massachusetts’ attorney general, pursued a case against the advertising agency for violating state consumer protection laws. Copley was prohibited from using geofencing technology in the state of Massachusetts or in healthcare facilities to infer medical conditions or health status of people.

This matter may not fall within the remit of the HHS, but could be dealt with by the Federal Trade Commission or at a state level. As it stands, the practice will continue and could spread nationwide.


Simple Guidelines
Immediate PDF Download

Immediate Access

Privacy Policy

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: