Hospital Lobby Group Sues US Government Over Guidelines Restricting Health Website Trackers

US hospital group sues Department of Health. (photo: Pexels)

JAKARTA - The American Hospital Lobbying Group (AHA), together with the Texas Hospital Association and two Texas non-profit health systems, filed a lawsuit against the US Department of Health and Human Services (HHS) in federal court in Fort Worth, Texas, Thursday, November 2. The lawsuit accuses the agency of exceeding its authority when it issued the guidance in December.

The guidance warns health care providers that allowing third-party technology companies such as Google or Meta to collect and analyze internet protocol (IP) addresses and other information from visitors to their public websites or apps may violate the Health Insurance Portability and Accountability Act (HIPAA). These federal laws protect individuals' personal health information.

AHA Deputy General Counsel Chad Golder told Reuters that his group, which represents more than 5,000 hospitals across the country, was aware that HHS had initiated several enforcement actions under the guidance. Penalties for HIPAA violations can be severe, as fines — which can run into the thousands, according to HHS — will be assessed for each IP address disclosed to third parties, Golder said.

Court records show several hospitals have been hit by class action lawsuits citing the guidance, accusing them of mishandling personal health information through the use of these tracking devices.

Thursday's lawsuit seeks a declaration that information collected by third-party trackers, such as Google Analytics or Meta Pixel, is not "individually identifiable health information," which is protected by HIPAA. They also asked for a permanent injunction prohibiting HHS from enforcing the guidance.

The guidance concerns hospital public websites, not patient portals or password-protected sites. The guidance was issued as a bulletin from the HHS Office for Civil Rights, which said that the deployment of trackers on health websites can reveal a person's diagnosis, frequency of medical visits, and put people at risk of identity theft, discrimination, or other consequences. The guidance applies to all healthcare providers covered by HIPAA.

The groups suing to stop the rule say they use these trackers in videos about health conditions, translation tools for website content, and mapping technology to help potential patients find their location. The guidance could force them to remove these tools, which they say would limit the information they can provide to the public.

The lawsuit claims that the guidance was proposed without giving medical providers and others in the industry a chance to comment. Golder said his group decided to file the lawsuit after months of hampered efforts to communicate with HHS about the guidance.