The American Hospital Association, together with the Texas Hospital Association, Texas Health Resources, and United Regional Health Care System, have filed a lawsuit against the US federal government challenging a bulletin issued by the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR). Essentially, the bulletin restricts hospitals from using certain third-party web technologies on web pages about health conditions or providers, on the basis that it could violate patients' privacy rights under the Health Insurance Portability and Accountability Act (HIPAA). The Congress enacted the bulleting with the aim to balance the protection of patients' health information and ensuring the flow of data needed to provide communities with high-quality care.
The lawsuit alleges that the new bulletin 'exceeds HHS statutory authority under Health Insurance Portability and Accountability Act (HIPAA),' lacking reasoning, consultation, and transparency, while highlighting its enforcement's difficulties. Namely, If an individual, acting on behalf of an elderly neighbor, visits a hospital's website to gather information about Alzheimer's disease, the hospital's use of third-party technology capturing the IP address during that visit could subject the hospital to federal enforcement actions and substantial civil penalties.
Additionally, the lawsuit claims that despite numerous hospitals facing enforcement threats and active OCR investigations, the federal government continues using these crucial tools without interruption. The hospital associations argue that web tracking tools enhance the functionality of healthcare websites, and that the federal government did not consult with hospitals and health systems about the impact that its new rule would have on patients or communities.