Hospital associations file lawsuit against HHS

Nov. 3, 2023
The American Hospital Association and several other associations announced they have filed a lawsuit against the Department of Health and Human Services over the guidance that prohibits hospitals from using tracking tools to monitor visitors on their websites

According to a Nov. 2 press release, the American Hospital Association (AHA), the Texas Hospital Association, Texas Health Resources, and United Regional Health Care System, sued the federal government to block enforcement of “an unlawful, harmful, and counterproductive rule that has upended hospitals’ and health systems’ ability to share health care information with the communities they serve, analyze their own websites to enhance accessibility, and improve public health.”

The press release states that “Today’s lawsuit challenges a ‘Bulletin’ issued by the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) entitled, ‘Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.’ This December 2022 ‘Bulletin’ restricts hospitals from using standard third-party web technologies that capture IP addresses on portions of hospitals’ public-facing webpages that address health conditions or health care providers. For example, under HHS’ new rule, if someone visited a hospital website on behalf of her elderly neighbor to learn more about Alzheimer’s disease, a hospital’s use of any third-party technology that captures an IP address from that visit would expose that hospital to federal enforcement actions and significant civil penalties.”

Further, “Hospitals and health systems have long honored the core objectives of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), America’s primary health care privacy law. Congress enacted this law to strike a balance between protecting patients’ health information and ensuring the flow of information needed to provide communities with high quality care. The Bulletin, which HHS issued without consulting health care providers, third-party technology vendors, or the public at large, upsets HIPAA’s careful balance, preventing hospitals from using commonplace web technologies to analyze use of their websites and communicate effectively with the populations they serve.”

“The Department of Health and Human Services’ new rule restricting the use of critical third-party technologies has real-world impacts on the public, who are now unable to access vital health information. In fact, these technologies are so essential that federal agencies themselves still use many of the same tools on their own webpages, including,,, and various Veterans Health Administration sites. We cannot understand why HHS created this ‘rule for thee but not for me,’” Rick Pollack, AHA President and CEO said in a statement.

AHA has the press release.