By HFT Staff

UCLA Health has been alerted of an issue relating to the use of analytics tools on the its website and mobile app. Specifically, UCLA Health’s analytics tools on an appointment request form completed on the UCLA Health website or the UCLA Health mobile app (“Appointment Request Form”) may have captured and transmitted to our third-party service providers certain limited information from the Appointment Request Form. 

UCLA Health began using analytics tools from third-party service providers in April 2020. The analytics tools allow organizations to review website and app activity in the aggregate to develop more effective and efficient communication. Upon learning of concerns relating to this tool, the healthcare system disabled the functions in June 2022. Additionally, UCLA Health initiated a review, supported by a third-party forensic firm, to complete a comprehensive analysis of the use of these analytics tools on its website and mobile apps, evaluate what data these analytics tools collected, and determine to whom the data belonged. 

UCLA Health is providing notice to individuals whose data may have been captured on an Appointment Request Form. On January 13, 2023, UCLA mailed notices to those for whom it had addresses. For these individuals, the analytics tools may have captured the following information:  

• URL/website address (which could include provider name, specialty, or ad campaign name) 
• page view  
• IP address 
• third-party cookies 
• Hashed values of certain fields on an Appointment Request Form. The hashed value form fields may have included first and last name, email address, mailing address, phone number, and gender. 

The analytics tools never captured Social Security numbers, financial account numbers, or debit/credit card information. Moreover, Appointment Request Forms that were impacted were only present on the UCLA Health website and the UCLA Health mobile app. UCLA Health did not place these analytics tools within myUCLAhealth, the online patient portal.