The American Hospital Association (AHA), the largest hospital lobbying group in the United States, is advocating for Congress to pressure health regulators to retract a warning sent to medical providers regarding online trackers embedded into patient portals.
Furthermore, the AHA’s concerns stem from a December 2022 bulletin issued by federal regulators, prompted by major health organizations treating the use of web user tracking code by companies like Facebook and Google as a potential HIPAA violation. Senator Bill Cassidy, who sought input on health data privacy and security issues, including HIPAA updates and AI use in patient data, is reviewing the feedback.
Additionally, the AHA specifically disagrees with the Office of Civil Rights’ stance on online technology tracker tools and IP addresses’ usage in combination with hospital webpages, which they believe should not be subject to tight restrictions under HIPAA. They argue that the regulations are overly burdensome and hinder hospitals’ ability to provide communities with reliable healthcare information. The Healthcare Information and Management Systems Society also raised concerns about the collection of biometric, genetic, location, and financial data, especially concerning the rise of AI, which often involves mixing individuals’ data for training purposes, conflicting with data governance principles.
While some stakeholders debate the extent of HIPAA regulations, regulatory attorney Rachel Rose points out that HIPAA identifies 18 individually identifying factors, including biometrics and IP addresses. The ongoing discussion highlights the challenges of balancing patient privacy, data protection, and healthcare information accessibility in an increasingly digital healthcare landscape.