By: Christopher A. Parrella, Esq., CPC, CHC, CPCO Parrella Health Law, Boston, Ma. A Health Law Defense and Compliance Firm

On August 29, 2024, the U.S. Department of Health and Human Services (HHS) voluntarily dismissed its appeal in the case of American Hospital Association v. Becerra. This move came just one week after HHS filed its notice to appeal a decision made by the Northern District of Texas. The court had ruled that the guidance issued by HHS’s Office for Civil Rights (OCR), which restricted hospitals’ use of online tracking technologies on their websites, exceeded the agency’s authority under the Health Insurance Portability and Accountability Act (HIPAA).

The case was brought by several healthcare institutions, including the American Hospital Association (AHA), Texas Hospital Association, Texas Health Resources, and United Regional Care System. These organizations challenged the OCR guidance titled “Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates,” which limited hospitals’ use of embedded third-party technology designed to collect information on users’ behavior, including alleged sensitive health information.

The Core Issue: Tracking Technology on Hospital Websites

The crux of the lawsuit was the claim that hospitals were using tracking technologies to better tailor their online content and advertisements to users. These technologies, embedded on public-facing websites, gathered data about user behavior to provide insights into visitor preferences, including potential medical conditions based on their activity. The HHS guidance aimed to restrict such tracking, citing concerns over the privacy of sensitive health information under HIPAA.

However, hospitals argued that these technologies were essential for advertising healthcare services and enhancing user experience by helping individuals find the services they needed.

Impact of HHS’s Voluntary Dismissal

By voluntarily dismissing its appeal, HHS has effectively vacated the OCR guidance. This means that hospitals can continue to use online tracking technologies on their websites without the additional HIPAA restrictions that were previously imposed by the OCR guidance.

This dismissal marks a significant win for healthcare organizations that rely on these tools to provide better service and information to their users. While the privacy of health information remains paramount, hospitals argue that user-tracking technologies are critical to ensuring individuals receive relevant and timely information about healthcare options available to them.

What Does This Mean for Healthcare Providers?

For hospitals and other healthcare entities, the dismissal of this appeal offers a reprieve from stringent HIPAA limitations on online tracking technologies. It underscores the importance of balancing patient privacy with the operational needs of healthcare organizations, particularly in the digital age where user data plays a pivotal role in delivering healthcare services.

However, hospitals should remain vigilant. While this particular guidance has been vacated, the overarching obligations under HIPAA and other privacy laws still apply. Maintaining robust compliance programs that ensure the protection of patient information remains essential.

Parrella Health Law Call to Action

If your healthcare organization is using or considering using online tracking technologies, now is the time to reassess your compliance strategies. As the regulatory environment continues to evolve, ensuring that your data practices are in line with both HIPAA and your organization’s goals is critical. **For expert guidance on HIPAA compliance, online tracking, and patient privacy regulations, contact Parrella Health Law at 857-328-0382 or reach out to Chris directly at cparrella@parrellahealthlaw.com. We’re here to help your organization navigate these complex legal landscapes.