AHA urges OCR to finalize HIPAA privacy proposal, suspend online tracking guidance  

May 22, 2023 - 03:19 PM
aha-medicaid-data-900x400

The Department of Health and Human Services’ Office for Civil Rights should finalize its proposed “commonsense” amendments to the HIPAA Privacy Rule to support reproductive health care privacy, but immediately suspend or amend its December 2022 online tracking guidance, which “aggravates the risk of health misinformation by treating a mere IP address as a unique identifier under HIPAA,” AHA told the agency in comments submitted May 22. 
 
“In particular, the guidance errs by concluding that IP addresses constitute [protected health information] whenever they are shared with a third party, regardless of the context surrounding when someone visits a regulated entity’s website,” AHA wrote. “Under the guidance, an IP address is protected even if consumers are not actually seeking medical care. The same HIPAA protections apply if a consumer is searching for a physician or medical service, seeking general health information (e.g., information about vaccines, flu season, or symptoms of an unknown illness), or merely looking for information about visiting hours, facility locations, cafeteria menus or any of the multitude of reasons one might go to a hospital’s website.”

Related News Articles

Headline
HHS updates tool to help providers assess HIPAA security risks
The Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology and Office for Civil Rights have updated…
Headline
COVID-19 HIPAA transition period for telehealth expires
Health care providers must comply with the HIPAA rules with respect to telehealth effective Aug. 9 at 11:59 p.m., when the 90-day enforcement discretion period…
Headline
CMS urged not to implement proposed prior authorization attachment standard
The AHA July 27 joined AHIP, the American Medical Association, and Blue Cross Blue Shield Association in urging the Centers for Medicare & Medicaid…
Headline
Agencies warn hospitals, others about tracking technology compliance risks
The Department of Health and Human Services’ Office for Civil Rights and Federal Trade Commission yesterday sent a letter to about 130 hospital systems and…
Headline
FTC proposes changes to breach notification requirements for entities not covered by HIPAA 
The Federal Trade Commission June 8 released for public comment a notice of proposed changes to breach notification requirements for entities that collect…
Headline
HIPAA proposed rule would prohibit certain reproductive health care disclosures 
The Department of Health & Human Services’ Office for Civil Rights today released a proposed rule that would prohibit entities regulated by the HIPAA…