Lexology June 21, 2024
Sheppard Mullin Richter & Hampton LLP

This week, in a significant win for the American Hospital Association plaintiff, the U.S. District Court for the Northern District of Texas issued an opinion vacating the Department of Health and Human Services’ (“HHS”) guidance on the use of online tracking technologies under HIPAA. At the heart of the dispute was the guidance released by HHS in December of 2022 and then updated again in March of 2024 (collectively, the “Guidance”), which suggested that information collected from unauthenticated website visitors could be considered protected health information (“PHI”) under HIPAA. The Guidance was challenged by hospitals and healthcare providers who argued it exceeded HHS’ statutory authority under HIPAA and imposed unreasonable compliance burdens.

The court took issue with HHS’ broad interpretation...

Today's Sponsors

Venturous
ZeOmega

Today's Sponsor

Venturous

Continue Reading

 
Topics: Apps, Govt Agencies, Health System / Hospital, HHS, HIPAA, Provider, Technology
Related Articles:
OCR Kicks Off 2026 with Reminders about "System Hardening" for HIPAA Covered Entities
Providers Evaluate Security as Updated HIPAA Compliance Looms
Updates to HIPAA Notice of Privacy Practices Required by February 16, 2026
How Healthcare Organizations Can Navigate Security Changes Linked to HIPAA Updates
Preparing for the HIPAA Security Rule Update

Share Article