- A group of hospitals and hospital lobbies sued the Biden administration on Thursday to try and stop guidance blocking providers from using tracking technology to monitor users’ activity on their websites.
- The lawsuit filed in a Texas district court accuses the agency of overstepping its authority in guidance issued in December that said allowing third-party technology to collect and analyze data from websites or apps may be a violation of the HIPAA privacy law.
- The plaintiffs include the American Hospital Association — the largest hospital lobby in the U.S. — along with the Texas Hospital Association and two nonprofit Texas health systems.
The lawsuit, filed in the U.S. District Court for the Northern District of Texas, asks the court to declare that information collected by third-party trackers, like data from public websites, is not individually identifiable health information, and therefore not protected by HIPAA.
The AHA argued that the guidance limits hospitals’ abilities to track concentrations of community concerns and “harms the very people it purports to protect,” according to the lawsuit.
The HHS has previously understood the dual obligations to protect patient privacy and enhance public wellbeing, but the new guidance throws those obligations out of balance, according to the suit.
“These technologies allow hospitals and health systems to adjust and publicize information and services in response to public need and thereby improve public health, all without compromising the HIPAA balance,” the suit says.
The suit also alleges hypocrisy, noting that federal agencies, including the Veterans Health Administration use tracking tools. The complaint said “while dozens of hospitals across the country have received enforcement threats, and hospitals are currently under active investigation by OCR, the federal government has not halted its own use of these vital tools.”
The HHS said its intent for the data guidance was to protect the personal health information of patients, including diagnoses and frequency of visits to therapists or other health professionals.
The lawsuit comes as hospitals have upped their reliance on third-party data, and regulatory agencies have expressed interest in cracking down on third-party data tracking.
In July, the Federal Trade Commission and OCR sent letters to approximately 130 health systems and telehealth providers warning that trackers may risk exposing consumers’ personal health data to third parties.
Almost 99% of hospital websites in 2021 included tracking software that transferred data to third parties, including technology and social media companies, like Meta, Google and Adobe, according to a study from Health Affairs.
A spokesperson for HHS' Office for Civil Rights declined to comment on the suit.