The Department of Health and Human Services’ Office for Civil Rights should finalize its proposed “commonsense” amendments to the HIPAA Privacy Rule to support reproductive health care privacy, but immediately suspend or amend its December 2022 online tracking guidance, which “aggravates the risk of health misinformation by treating a mere IP address as a unique identifier under HIPAA,” AHA told the agency in comments submitted May 22. 
 
“In particular, the guidance errs by concluding that IP addresses constitute [protected health information] whenever they are shared with a third party, regardless of the context surrounding when someone visits a regulated entity’s website,” AHA wrote. “Under the guidance, an IP address is protected even if consumers are not actually seeking medical care. The same HIPAA protections apply if a consumer is searching for a physician or medical service, seeking general health information (e.g., information about vaccines, flu season, or symptoms of an unknown illness), or merely looking for information about visiting hours, facility locations, cafeteria menus or any of the multitude of reasons one might go to a hospital’s website.”
