American Hospital Association Sues HHS for its HIPAA Online Tracking Guidance

by | Nov 7, 2023 | Government Enforcement, HIPAA, HIPAA Breach Notification, Lawsuits

  • As HHS is actively enforcing its new guidance and HIPAA interpretation against hospitals across the country, the federal government’s own healthcare providers continue to use online tracking technologies on their websites.

  • AHA asserts that OCR’s Guidance on Online Technologies harms the very people it purports to protect,” and that “[t]he federal government’s repeated threats to enforce this unlawful rule tie hospitals’ hands as trusted messengers of reliable health care information.”

  • The AHA’s lawsuit seeks a permanent injunction against HHS so as to prevent the agency from taking enforcement action against covered entities for reasonable use of online tracking technologies. You can download a copy of the AHA’s filed lawsuit here.

Subscribe HERE to Legal HIE’s backend compliance library to gain access to tools, checklists, whitepapers, sample policies and a lot more to help your organization stay on top of the newest compliance challenges in 2023! 

 

Last Friday, the American Hospital Association, joined by a few others, sued the federal government to enjoin HHS from enforcing their published Guidance on “Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.”  You can download a copy of the AHA’s filed lawsuit here.

The first paragraph of the complaint is so delicious, that it has to be reprinted here:

“this action [is filed] because the federal government is threatening to enforce against hospitals and health systems a new rule that is flawed as a matter of law, deficient as a matter of administrative process, and harmful as a matter of policy. The rule, promulgated by the U.S. Department of Health and Human Services (HHS), prohibits the use of certain technologies that make healthcare providers’ public webpages more effective in sharing vital information with the community. Yet even as HHS is actively enforcing this new rule against hospitals across the country, the federal government’s own healthcare providers continue to use these purportedly prohibited technologies on their websites.”

That last sentence is golden — and, true!  If you go onto federal health plan and provider websites, you can find applications that have online tracking tools enabled.  AHA’s President and CEO, Rick Pollack, goes one step further and actually calls the specific  websites out:

“In fact, these technologies are so essential that federal agencies themselves still use many of the same tools on their own webpages, including Medicare.gov, Tricare.mil, Health.mil, and various Veterans Health Administration sites. We cannot understand why HHS created this ‘rule for thee but not for me.’

👀 👀 👀

In July, HHS sent a “warning letter” to 66 hospitals to “draw their attention to serious privacy and security risk related to the use of online tracking technologies that may be present on you website or mobile application (app) and impermissibly disclosing consumers’ sensitive personal health information to third parties.”  The AHA’s lawsuit seeks a permanent injunction against HHS to prevent the agency from taking enforcement action against covered entities based on the overly broad interpretation of HIPAA in its Guidance.

Now, we wait with bated breath for a decision by the U.S. District Court for Northern Texas.

Share this:

If you are not a subscriber to our backend Legal HIE compliance library, download our Table of Contents here to check out all of the tools, checklists, whitepapers, sample policies we make available to our members to help their organizations comply with Information Blocking, HIPAA, 42 CFR Part 2, Data Breaches and more. Ready to subscribe now? Click here to review our subscription options.

Archives