AHA Urges Revisions to OCR Pixel Guidance, Says IP Restriction Thwarts Information Sharing

The American Hospital Association (AHA) is asking the HHS Office for Civil Rights (OCR) to immediately amend or suspend its guidance on tracking pixels, saying the guidance—issued in December—is too broad and “will inadvertently impair access to credible health information.”

“Regrettably, the Online Tracking Guidance errs by defining PHI [protected health information] too broadly—specifically, to include all [Internet protocol] IP addresses,” the AHA said in a May 22 letter to OCR Director Melanie Fontes Rainer from AHA General Counsel and Secretary Melinda Reid Hatton.[1]

The health care industry has interpreted OCR’s pixel guidance to mean that hospitals and other health care entities cannot use Google Analytics and other analytics tools on their public-facing websites. Rainer said at an industry event in March that “this is an area of enforcement priority and interest for OCR, particularly in light of the public attention we’ve seen.” [2]

The guidance—and potential enforcement—impacts virtually every hospital since a study published earlier this year in Health Affairs found that more than 98% of hospital websites include the third-party tracking code snippets known as pixels, leading to transfers of information to large technology companies, social media companies, advertising firms and data brokers.[3]

This document is only available to subscribers. Please log in or purchase access.

Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field