AHA urges OCR to finalize HIPAA privacy proposal, suspend online tracking guidance  

May 22, 2023 - 03:19 PM
aha-medicaid-data-900x400

The Department of Health and Human Services’ Office for Civil Rights should finalize its proposed “commonsense” amendments to the HIPAA Privacy Rule to support reproductive health care privacy, but immediately suspend or amend its December 2022 online tracking guidance, which “aggravates the risk of health misinformation by treating a mere IP address as a unique identifier under HIPAA,” AHA told the agency in comments submitted May 22. 
 
“In particular, the guidance errs by concluding that IP addresses constitute [protected health information] whenever they are shared with a third party, regardless of the context surrounding when someone visits a regulated entity’s website,” AHA wrote. “Under the guidance, an IP address is protected even if consumers are not actually seeking medical care. The same HIPAA protections apply if a consumer is searching for a physician or medical service, seeking general health information (e.g., information about vaccines, flu season, or symptoms of an unknown illness), or merely looking for information about visiting hours, facility locations, cafeteria menus or any of the multitude of reasons one might go to a hospital’s website.”

Related News Articles

Headline
HHS will not appeal AHA court victory in online tracking case
The U.S. Department of Health and Human Services will not appeal its loss in American Hospital Association v. Becerra. The AHA, joined by the Texas Hospital…
News
Judge rules in favor of AHA vacating HHS online tracking ‘bulletin’ as unlawful and beyond agency authority
A United States District Court Judge in Texas today ruled in favor of the AHA, Texas Hospital Association, and hospital plaintiffs, agreeing that Department of…
Headline
OCR finalizes rule prohibiting certain reproductive health care disclosures
The Department of Health & Human Services’ Office for Civil Rights April 22 released a final rule prohibiting entities regulated by the HIPAA Privacy Rule…
Headline
Cassidy proposes ways to strengthen health data privacy
Senate Health, Education, Labor & Pensions Committee Ranking Member Bill Cassidy, R-La., Feb. 21 released a report proposing ways to modernize the existing…
Headline
NIST updates HIPAA cybersecurity resource guide 
The National Institute of Standards and Technology this week released updated guidance to help HIPAA-covered entities and business associates assess and manage…
Headline
OCR releases telehealth privacy and security resources for providers, patients
The Department of Health and Human Services’ Office for Civil Rights Oct. 18 released a resource for health care providers who choose to educate patients about…