/ en Wed, 21 May 2025 02:03:50 -0500 Tue, 06 May 25 06:15:00 -0500 /aha-center-health-innovation-market-scan/2025-05-06-4-critical-steps-scale-generative-ai <div class="container"><div class="row"><div class="col-md-8"><img src="/sites/default/files/inline-images/4-Critical-Steps-to-Scale-Generative-AI.png" data-entity-uuid="7ea69c77-70fc-4898-b953-67ac0db1cbd5" data-entity-type="file" alt="4 Critical Steps to Scale Generative AI. A brain that is half generative AI and have biological brain connecting health care data." width="1200" height="751"><p>As health care organizations grapple with rising operational costs, an aging population and a worsening workforce crisis, the need for transformative solutions has never been greater. A new Accenture report, <a href="https://www.accenture.com/content/dam/accenture/final/accenture-com/document-3/AI-Amplified-Scaling-Productivity-Final.pdf" target="_blank" title="Accenture鈥擥en AI amplified: Scaling productivity for healthcare providers">鈥淕en AI Amplified: Scaling productivity for health care providers,鈥�</a> highlights how generative artificial intelligence (AI) can offer a critical path forward 鈥� unlocking unprecedented productivity gains, enhancing patient care and reshaping the future of care delivery.</p><h2>Health Care鈥檚 Inflection Point</h2><p>Health care providers face a historic staffing shortage: By 2033, the U.S. is projected to lack as many as 139,000 physicians while the global nursing shortfall could reach 13 million. Traditional solutions like increased hiring and training alone cannot meet this demand. Providers must embrace innovative technologies to scale human capacity.</p><p>Generative AI presents a powerful opportunity. According to Accenture鈥檚 survey of 300 U.S. health care C-suite executives, 83% view boosting employee efficiency as the biggest opportunity of generative AI, and 77% expect it to drive direct revenue growth productivity gains. Early pilots show promise 鈥� automating routine tasks, improving data analysis and enhancing decision-making 鈥� but widespread adoption remains limited.</p><img src="/sites/default/files/inline-images/Potential-Benefits-of-Generative-AI-in-Health-Care.png" data-entity-uuid="2fbbdc98-8b8d-4810-8e21-52ee7353de18" data-entity-type="file" alt="Potential Benefits of Generative AI in Health Care. 70% of health care workers鈥� tasks could be reinvented with AI. 20%: Automation could free up 20% of nurses鈥� repetitive tasks, unlocking $50 billion annually. 9+: Generative AI could help doctors see 9 additional patients per month. Source: Accenture 2025." width="896" height="197"><p>Despite high awareness, a major execution gap exists. While 83% of health care organizations are piloting generative AI, fewer than 10% have invested in the infrastructure needed for enterprise-wide deployment. Without decisive action, health care risks falling behind industries like automotive and finance, where AI-driven gains are already significant.</p><h2>A Road Map for Action</h2><p>The Accenture report outlines four critical steps to help health care leaders move from fragmented pilots to scaled implementation:</p><ol><li><span><strong>Build a reinvention-ready digital core.</strong></span> A robust digital infrastructure 鈥� including cloud integration, seamless data access and scalable AI capabilities 鈥� is essential. Organizations with a strong digital foundation are poised to reinvent twice as many functions with generative AI over the next three years compared with those without.</li><li><span><strong>Strengthen data quality and strategy.</strong></span> High-quality, centralized data are a prerequisite for reliable AI outcomes. Health care providers must prioritize data cleansing, standardization and accessibility to empower AI to deliver clinical and operational benefits.</li><li><span><strong>Prioritize responsible and secure AI deployment.</strong></span> As the use of generative AI expands, safeguarding patient privacy and preventing cybersecurity breaches are nonnegotiable. Embedding responsible AI governance is critical to building trust among patients, providers and regulators.</li><li><span><strong>Forge strategic partnerships.</strong></span> Scaling generative AI requires expertise beyond internal capabilities. Collaborations with technology leaders, academic institutions and specialized vendors are key to accessing cutting-edge tools and accelerating innovation.</li></ol><h2>The Productivity Promise</h2><p>Accenture estimates that 70% of health care workers' tasks could be reinvented through technology. In nursing alone, automation could free up 20% of repetitive tasks.</p><p>Examples already abound:</p><ul><li>Generative AI can automate clinical documentation, giving physicians back minutes to hours per day 鈥� time that can be redirected to patient care.</li><li>Generative AI-augmented call centers have reduced patient wait times and improved first-call resolution rates without compromising security.</li><li>AI-enabled clinical appeals processes have achieved a 70% reduction in handling time and a 30% decline in misrouted claims.</li></ul><p>However, staying in pilot mode comes at a cost. Piecemeal implementations prevent providers from achieving the full operational efficiencies that scaled deployment can offer and widen the gap between health care and faster-moving industries.</p><h2>Leadership Alignment Is Critical</h2><p>A unified C-suite vision is essential. While CEOs recognize the transformative potential of generative AI, clinical leaders like chief medical officers (CMOs) and chief nursing officers (CNOs) are often underutilized in planning and deployment efforts, even though clinical workflows are among the most impacted.</p><p>The report stresses that everyone from board members to front-line clinicians must be involved in redefining roles, automating tasks where appropriate and reskilling teams to work alongside AI tools.</p><p>Key takeaways for health care leaders</p><ul><li><strong>The time to act is now.</strong> Scaling generative AI can drive productivity, reduce burnout and enhance patient care 鈥� all while improving financial sustainability.</li><li><strong>Build the foundation.</strong> Investment in cloud infrastructure, high-quality data and responsible AI frameworks are nonnegotiable prerequisites.</li><li><strong>Don鈥檛 go it alone.</strong> Strategic partnerships will be critical to closing skill gaps and accelerating deployment.</li><li><strong>Empower clinical leadership.</strong> CNOs and CMOs must play a central role in redesigning work processes to ensure that AI initiatives improve, not burden, care delivery.</li><li><strong>View generative AI as an ongoing journey.</strong> Scaling technology is not a one-time event, but a continuous reinvention of how health care operates.</li></ul><p>Generative AI is no longer a futuristic concept; it鈥檚 a present-day imperative. Health care organizations that act decisively today by scaling generative AI strategically and responsibly will define the next decade of health care delivery. Those that hesitate risk being left behind.</p><h3>Additional Resource</h3><p><em>The AHA recently released a report to guide hospital and health system executives on using AI and AI-powered technologies to transform their organizations鈥� operations. The report, </em><a href="/center/emerging-issues/market-insights/ai/building-and-implementing-artificial-intelligence-action-plan-health-care"><em>鈥淏uilding and Implementing an Artificial Intelligence Plan for Health Care,鈥�</em></a><em> features insights from 12 health care AI experts and leaders, published health care articles, presentations, reports, research and surveys on health care AI.</em></p></div><div class="col-md-4"><p><a href="/center" title="Visit the AHA Center for Health Innovation landing page."><img src="/sites/default/files/inline-images/logo-aha-innovation-center-color-sm.jpg" data-entity-uuid="7ade6b12-de98-4d0b-965f-a7c99d9463c5" alt="AHA Center for Health Innovation logo" width="721" height="130" data-entity- type="file" class="align-center"></a></p><p><a href="/center/form/innovation-subscription"><img src="/sites/default/files/2019-04/Market_Scan_Call_Out_360x300.png" data-entity-uuid data-entity-type alt width="360" height="300"></a></p></div></div></div>.field_featured_image { position: absolute; overflow: hidden; clip: rect(0 0 0 0); height: 1px; width: 1px; margin: -1px; padding: 0; border: 0; } .featured-image{ position: absolute; overflow: hidden; clip: rect(0 0 0 0); height: 1px; width: 1px; margin: -1px; padding: 0; border: 0; } h2 { color: #9d2235; } h3 { color: #9d2235; } Tue, 06 May 2025 06:15:00 -0500 Data Standards /legal-documents/2023-11-02-case-complaint-aha-tha-thr-united-health-care-system-v-rainer <div class="container"> <div class="row"> <div class="col-md-8"> <p><strong>IN THE UNITED STATES DISTRICT COURT FOR THE NORTHERN DISTRICT OF TEXAS FORT WORTH DIVISION</strong></p> <div class="row"> <div class="col-md-6"> <p>AMERICAN HOSPITAL ASSOCIATION; TEXAS HOSPITAL ASSOCIATION; TEXAS HEALTH RESOURCES; UNITED REGIONAL HEALTH CARE SYSTEM,</p> <p>Plaintiffs,</p> <p>v.</p> <p>MELANIE FONTES RAINER, IN HER OFFICIAL CAPACITY AS DIRECTOR OF OFFICE FOR CIVIL RIGHTS, U.S. DEPARTMENT OF HEALTH AND HUMAN SERVICES; XAVIER BECERRA, IN HIS OFFICIAL CAPACITY AS SECRETARY OF U.S. DEPARTMENT OF HEALTH AND HUMAN SERVICES; UNITED STATES OF AMERICA,</p> <p>Defendants.</p> </div> <div class="col-md-1"> <p>|<br> |<br> |<br> |<br> |<br> |<br> |<br> |<br> |<br> |<br> |<br> |<br> |<br> |<br> |<br> |<br> |</p> </div> <div class="col-md-5"> <p>NO.</p> </div> </div> <p><strong>COMPLAINT</strong></p> <div class="row"> <div class="col-md-6"> <p>Jonathan D. Guynn (TX 24120232)<br> JONES DAY<br> 2727 N. Harwood St., Ste. 500<br> Dallas, Texas 75201<br> (214) 220-3939<br> (214) 969-5100 (fax)<br> jguynn@jonesday.com</p> </div> <div class="col-md-6"> <p>Hashim M. Mooppan* (DC 981758)<br> Rebekah B. Kcehowski* (PA 90219)<br> Jack L. Millman* (NY 5517180)<br> Audrey Beck* (DC 1739917)<br> JONES DAY<br> 51 Louisiana Ave., N.W.<br> Washington, D.C. 20001<br> (202) 879-3939<br> (202) 626-1700 (fax)<br> hmmooppan@jonesday.com<br> rbkcehowski@jonesday.com<br> jmillman@jonesday.com<br> abeck@jonesday.com<br> * <em>Pro hac vice application forthcoming</em></p> </div> </div> <p><em>Counsel for Plaintiffs</em></p> </div> <div class="col-md-4"> <div class="external-link spacer"><a class="btn btn-wide btn-primary" href="/legal-documents/2023-11-02-case-complaint-aha-tha-thr-united-health-care-system-v-rainer" target="_blank" title="Click here to download the Case Complaint: AHA, THA, THR, United Health Care System v. Rainer PDF.">Download the Case Complaint PDF</a></div> <div class="panel module-typeC"> <div class="panel-heading"> <h3 class="panel-title">Related Resources</h3> </div> <div class="panel-body"> <ul> <li><a href="/legal-documents/2023-11-02-lawsuit-challenges-federal-rule-ties-providers-hands-efforts-reach-their-communities">Lawsuit Overview</a></li> <li><a href="/press-releases/2023-11-02-hospital-associations-and-hospitals-file-lawsuit-challenging-federal-rule-ties-providers-hands-their">Press Release</a></li> <li><a href="/special-bulletin/2023-11-02-hospital-associations-and-hospitals-file-lawsuit-challenging-federal-rule-ties-providers-hands">Special Bulletin</a></li> <li><a href="/legal-documents/2023-11-02-case-complaint-aha-tha-thr-united-health-care-system-v-rainer">Case Complaint</a></li> <li><a href="/legal-documents/2023-11-02-case-explainer-american-hospital-association-v-rainer">Case Explainer</a></li> <li><a href="/frequently-asked-questions-faqs/2023-11-02-myth-vs-fact-hhs-ocr-online-tracking-rule">Myth vs. Fact Document</a></li> </ul> </div> </div> </div> </div> <div class="row"> <div class="col-md-8"> <h2>Introductions and Summary</h2> <p>1. The 黑料正能量 Association and the Texas Hospital Association (Associations), along with Texas Health Resources and United Regional Health Care System (Hospitals), bring this action because the federal government is threatening to enforce against hospitals and health systems a new rule that is flawed as a matter of law, deficient as a matter of administrative process, and harmful as a matter of policy. The rule, promulgated by the U.S. Department of Health and Human Services (HHS), prohibits the use of certain technologies that make healthcare providers鈥� public webpages more effective in sharing vital information with the community. Yet even as HHS is actively enforcing this new rule against hospitals across the country, the federal government鈥檚 own healthcare providers continue to use these purportedly prohibited technologies on their websites. A gross overreach by the federal bureaucracy, imposed without any input from the public or the healthcare providers most impacted by it, the HHS rule exceeds the government鈥檚 statutory and constitutional authority, fails to satisfy the requirements for agency rulemaking, and harms the very people it purports to protect. The Court should bar the rule鈥檚 enforcement.</p> <p>2. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) and its implementing regulations 鈥渟trike[] a balance.鈥� <em>Summary of the HIPAA Privacy Rule,</em> U.S. Dep鈥檛 of Health & Hum. Servs, https://perma.cc/MCG3-QFHX. The law 鈥減rotect[s] the privacy of people who seek care and healing,鈥� while 鈥減ermit[ting] important uses of information.鈥� <em>Id.; see id.</em> (鈥淎 major goal of the Privacy Rule is to assure that individuals鈥� health information is properly protected while allowing the flow of health information needed to provide and promote high quality health care and to protect the public鈥檚 health and well being.鈥�).</p> <p>3. Hospitals and health systems have long honored the balance HIPAA strikes. They take seriously their obligation to safeguard the privacy of patient records and billing statements. At the same time, they have embraced the federal government鈥檚 support for sharing non-private health-related information on their publicly accessible webpages that neither require nor request patients to enter login information for user authentication (an Unauthenticated Public Webpage).</p> <p>4. Now more than ever, the federal government has called on hospitals and health systems to combat 鈥淸h]ealth misinformation鈥濃€攕omething the U.S. Surgeon General recently described as a 鈥渟erious threat to public health.鈥� V. Murthy, <em>Confronting Health Misinformation</em> (2021), https://perma.cc/YD2V-4QJE. While always working to protect private patient information, hospitals and health systems are keenly aware of their obligation to fulfill the other side of the HIPAA balance by 鈥渟har[ing] accurate health information with the public.鈥� <em>Id.; see generally Understanding Some of HIPAA鈥檚 Permitted Uses and Disclosures,</em> U.S. Dep鈥檛 of Health & Hum. Servs, https://perma.cc/N7FC-DTW8 (鈥淚nformation is essential fuel for the engine of health care. Physicians, medical professionals, hospitals and other clinical institutions generate, use and share it to provide good care to individuals, to evaluate the quality of care they are providing, and to assure they receive proper payment from health plans.鈥� The capability for relevant players in the health care system 鈥� including the patient 鈥� to be able to quickly and easily access needed information to make decisions, and to provide the right care at the right time, is fundamental to achieving the goals of health reform.鈥�).</p> <p>5. As part of these information-sharing efforts, many hospitals and health systems use third-party technologies to enhance their websites, including in the following ways:</p> <ul> <li><strong>Analytics tools</strong> convert web users鈥� interactions with hospital webpages into critical data, such as the level and concentrations of community concern on particular medical questions, or the areas of a hospital website on which people have trouble navigating. Website data analytics can tell a hospital how many IP addresses in the past month looked for information about, say, RSV vaccines or diabetes treatment in a particular area, which in turn allows hospitals to more effectively allocate their medical and other resources. These tools also help hospitals ensure that their public-facing webpages are user-friendly, helping community members to more easily navigate to healthcare information so that they can better manage their healthcare. For instance, hospitals can improve the functionality of their websites鈥� design so that they deliver a maximally seamless experience for individuals with disabilities, facilitating compliance with the Americans With Disabilities Act.</li> <li><strong>Video technologies</strong> allow hospitals to offer a wide range of information to the public, including videos that educate the community about particular health conditions and that allow visitors to virtually tour the facilities where particular procedures are performed.</li> <li><strong>Translation technologies</strong> help non-English speakers access vital healthcare information on hospitals鈥� webpages.</li> <li><strong>Map and location technologies</strong> provide better information about where healthcare services are available, including embedded applications that provide bus schedules or driving directions to and from a community member鈥檚 location.</li> </ul> <p>6. Third-party technologies like these, which typically rely on a visitor鈥檚 IP address to function, enable hospitals and health systems to hone their websites鈥� functionality and the helpfulness of their information. Just as crucially, these technologies allow hospitals and health systems to adjust and publicize information and services in response to public need and thereby improve public health, all without compromising the HIPAA balance.</p> <p>7. In December 2022, however, the Office for Civil Rights (OCR) in HHS precipitously upended the balance that HIPAA and its regulations strike between privacy and information-sharing. Without consulting healthcare providers, third-party technology vendors, or the public at large, the agency issued a sub-regulatory guidance document that has had profound effects on hospitals, health systems, and the communities they serve. <em>See Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates</em> (Bulletin), https://perma.cc/58V6-NTMG.</p> <p>8. In that bolt-from-the-blue 鈥淏ulletin,鈥� OCR took the position that when an online technology connects (1) an individual鈥檚 IP address with (2) a visit to an Unauthenticated Public Webpage that addresses specific health conditions or healthcare providers, that combination of information (the Proscribed Combination) is subject to restrictions on use and disclosure under HIPAA. For example, if a public-health researcher used her personal computer to search a hospital鈥檚 webpage for the availability of dialysis appointments, the technology鈥檚 combination of (1) the researcher鈥檚 IP address and (2) the visit to a page addressing dialysis appointments would, according to the Bulletin, be subject to HIPAA鈥檚 requirements. So too if the technology combined (1) the IP address of an individual who used his personal computer on behalf of an elderly neighbor (2) to read a hospital鈥檚 webpage with information about the onset of Alzheimer鈥檚 disease.</p> <p>9. Remarkably, it appears that OCR issued the Bulletin without even consulting the federal government鈥檚 own website operators, because agencies that are covered entities under HIPAA themselves use the same third-party technologies on their webpages and create the Proscribed Combination. As one of many possible examples, web browser inspection and source tools show that, among other technologies, third-party analytics and advertising tools are present on Veterans Health Administration webpages addressing specific health conditions and healthcare providers, including but not limited to a page describing the symptoms of post-traumatic stress disorder and pointing veterans to treatment resources:</p> <p><img alt="U.S. Department of Veterans Affairs website screencap with red boxes added for emphasis." data-entity-type="file" data-entity-uuid="6e2c6f6d-cbaa-4e01-85eb-274800da9201" src="/sites/default/files/inline-images/US-Department-of-Veterans-Affairs-website-screencap-with-red-highlights_0.png" width="796" height="522"></p> <p><em>See, e.g., Mental Health,</em> U.S. Dep鈥檛 of Veterans Affairs, mentalhealth.va.gov/ptsd/index.asp (last visited Oct. 31, 2023) (red boxes added for emphasis).</p> <p><strong><em><a href="/legal-documents/2023-11-02-case-complaint-aha-tha-thr-united-health-care-system-v-rainer">Read the entire case complaint.</a></em></strong></p> </div> <div class="col-md-4"> <p><a href="/legal-documents/2023-11-02-case-complaint-aha-tha-thr-united-health-care-system-v-rainer" target="_blank" title="Click here to download the Case Complaint: AHA, THA, THR, United Health Care System v. Rainer PDF."><img alt="Case Complaint: AHA, THA, THR, United Health Care System v. Rainer page 1." data-entity-type="file" data-entity-uuid="86e9eb85-58ab-4177-bd94-f32f75a79797" src="/sites/default/files/inline-images/Page-1-Case-Complaint-AHA-THA-THR-United-Health-Care-System-v-Rainer.png" width="695" height="900"></a></p> </div> </div> </div> Thu, 02 Nov 2023 10:01:13 -0500 Data Standards /press-releases/2023-11-02-hospital-associations-and-hospitals-file-lawsuit-challenging-federal-rule-ties-providers-hands-their <div class="container"> <div class="row"> <div class="col-md-8"> <p><strong>WASHINGTON</strong> (November 2, 2023) 鈥� The 黑料正能量 Association (AHA), joined by the Texas Hospital Association, Texas Health Resources, and United Regional Health Care System, today sued the federal government to bar enforcement of an unlawful, harmful, and counterproductive rule that has upended hospitals鈥� and health systems鈥� ability to share health care information with the communities they serve, analyze their own websites to enhance accessibility, and improve public health.</p> <p>鈥淭he Department of Health and Human Services鈥� new rule restricting the use of critical third-party technologies has real-world impacts on the public, who are now unable to access vital health information. In fact, these technologies are so essential that federal agencies themselves still use many of the same tools on their own webpages, including Medicare.gov, Tricare.mil, Health.mil, and various Veterans Health Administration sites. We cannot understand why HHS created this 鈥榬ule for thee but not for me,鈥欌€� <strong>said Rick Pollack, AHA President and CEO.</strong></p> <p>Today鈥檚 lawsuit challenges a 鈥淏ulletin鈥� issued by the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) entitled, <em>鈥淯se of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.鈥�</em> This December 2022 鈥淏ulletin鈥� restricts hospitals from using standard third-party web technologies that capture IP addresses on portions of hospitals鈥� public-facing webpages that address health conditions or health care providers. For example, under HHS鈥� new rule, if someone visited a hospital website on behalf of her elderly neighbor to learn more about Alzheimer鈥檚 disease, a hospital鈥檚 use of any third-party technology that captures an IP address from that visit would expose that hospital to federal enforcement actions and significant civil penalties.</p> 鈥淪imply put, OCR鈥檚 new rule harms the very people it purports to protect,鈥� <strong>Pollack said.</strong> 鈥淭he federal government鈥檚 repeated threats to enforce this unlawful rule tie hospitals鈥� hands as trusted messengers of reliable health care information.鈥� <p>Hospitals and health systems have long honored the core objectives of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), America鈥檚 primary health care privacy law. Congress enacted this law to strike a balance between protecting patients鈥� health information and ensuring the flow of information needed to provide communities with high quality care. The Bulletin, which HHS issued without consulting health care providers, third-party technology vendors, or the public at large, upsets HIPAA鈥檚 careful balance, preventing hospitals from using commonplace web technologies to analyze use of their websites and communicate effectively with the populations they serve.</p> <p>As alleged in the Complaint, HHS鈥� Medicare.gov, the Department of Defense Military Health System and Defense Health Agency, and various U.S. Veterans Health Administration sites continue to use these third-party technologies despite being covered entities under HIPAA. For example, forensic tools revealed that the Veterans Health Administration uses analytics and advertising tools on a wide range of sites, including online resources that describe the symptoms of post-traumatic stress disorder and point veterans to available treatment options. While dozens of hospitals across the country have received enforcement threats, and hospitals are currently under active investigation by OCR, the federal government has not halted its own use of these vital tools.</p> <p>Web tools that are ineffective without access to IP-address information include:</p> <div class="row"> <div class="col-md-2"> <p><img alt="Analytics software icon" data-entity-type="file" data-entity-uuid="d94eecc2-1698-4e1a-8392-ca1d38143b56" src="/sites/default/files/inline-images/analytics-software-icon.png" width="72" height="72" class="align-right"></p> </div> <div class="col-md-10"> <p><strong>Analytics software</strong> that converts interactions with hospital web pages into critical data, such as the level and concentration of community concern on particular medical questions or the areas of a hospital website on which people have trouble navigating.</p> </div> </div> <div class="row"> <div class="col-md-2"> <p><img alt="Video technologies icon" data-entity-type="file" data-entity-uuid="c99d2b86-1923-4d0f-a4bf-6bb3127657ca" src="/sites/default/files/inline-images/video-technologies-icon.png" width="72" height="72" class="align-right"></p> </div> <div class="col-md-10"> <p><strong>Video technologies</strong> that allow hospitals to offer a wide range of information and education materials to the public, including visuals that educate the community about particular health conditions and that allow visitors to virtually tour the facilities where particular procedures are performed.</p> </div> </div> <div class="row"> <div class="col-md-2"> <p><img alt="Translation and accessibility services icon" data-entity-type="file" data-entity-uuid="466059d6-72d8-42e1-b590-20405682a5ff" src="/sites/default/files/inline-images/translation-and-accessibility-service-icon.png" width="72" height="72" class="align-right"></p> </div> <div class="col-md-10"> <p><strong>Translation and accessibility services</strong> that help persons with limited English proficiency and people with disabilities access vital health care information on hospitals鈥� webpages.</p> </div> </div> <div class="row"> <div class="col-md-2"> <p><img alt="Digital maps icon" data-entity-type="file" data-entity-uuid="ef38859b-c02a-4e39-9532-f9a8d52711e2" src="/sites/default/files/inline-images/digital-maps-icon.png" width="72" height="72" class="align-right"></p> </div> <div class="col-md-10"> <p><strong>Digital maps</strong> that provide information about where health care services are available, including embedded applications that provide public transportation schedules or driving directions to and from a community member鈥檚 location.</p> </div> </div> <p>The suit alleges that HHS鈥檚 new rule exceeds its statutory authority under HIPAA. That statute allows hospitals to rely on third-party tools that capture IP address information because that information cannot reasonably be used to identify the individual whose health care relates to the webpage visit. By reaching beyond the law to restrict use of these common tools on public-facing webpages, OCR exceeded its statutory authority. In addition to exceeding its statutory authority under HIPAA, the suit alleges that OCR unlawfully issued this Bulletin without providing any reasoning supporting its novel legal assertions, without acknowledging the government鈥檚 own use of implicated third-party technologies, and without following required notice-and-comment rulemaking processes. Prior to issuing this rule, the federal government did not consult with hospitals and health systems about their use of third-party technologies that depend on the collection of IP addresses or the impact that its new rule would have on patients or communities. Instead, the agency began aggressively threatening regulatory enforcement and serious civil penalties against hospitals and health systems. After attempts to engage with HHS officials to educate them about the impact of their new rule, the AHA determined it was necessary to file suit on behalf of its members to prevent the agency from unlawfully penalizing hospitals.</p> <p>For additional information about the lawsuit, a copy of the complaint can be found at on AHA鈥檚 webpage.</p> <div class="row"> <div class="col-md-1"> <p>Contact:</p> </div> <div class="col-md-11"> <p>Colin Milligan, <a href="mailto:cmilligan@aha.org?subject=Hospital Associations and Hospitals File Lawsuit Challenging Federal Rule That Ties Providers鈥� Hands in Their Efforts to Reach the Communities They Serve">cmilligan@aha.org</a><br> Colleen Kincaid, <a href="mailto:ckincaid@aha.org?subject=Hospital Associations and Hospitals File Lawsuit Challenging Federal Rule That Ties Providers鈥� Hands in Their Efforts to Reach the Communities They Serve">ckincaid@aha.org</a></p> </div> </div> <p>###</p> <h2>About the 黑料正能量 Association</h2> <p>The 黑料正能量 Association (AHA) is a not-for-profit association of health care provider organizations and individuals that are committed to the health improvement of their communities. The AHA advocates on behalf of our nearly 5,000 member hospitals, health systems and other health care organizations, our clinician partners 鈥� including more than 270,000 affiliated physicians, 2 million nurses and other caregivers 鈥� and the 43,000 health care leaders who belong to our professional membership groups. Founded in 1898, the AHA provides insight and education for health care leaders and is a source of information on health care issues and trends.</p> <h2>About the Texas Hospital Association</h2> <p>Founded in 1930, the Texas Hospital Association (THA) is the leadership organization and principal advocate for the state鈥檚 hospitals and health care systems. Based in Austin, THA enhances its members鈥� abilities to improve accessibility, quality and cost-effectiveness of health care for all Texans. One of the largest hospital associations in the country, THA represents 452 of the state鈥檚 non-federal general and specialty hospitals and health care systems, which employ some 400,000 health care professionals statewide.</p> <h2>About Texas Health Resources</h2> <p>Texas Health Resources is a faith-based, nonprofit health system that cares for more patients in North Texas than any other provider. With a service area that consists of 16 counties and more than 7 million people, the system is committed to providing quality, coordinated care through its Texas Health Physicians Group and 29 hospital locations under the banners of Texas Health Presbyterian, Texas Health Arlington Memorial, Texas Health Harris Methodist and Texas Health Huguley. Texas Health access points and services, ranging from acute-care hospitals and trauma centers to outpatient facilities and home health and preventive services, provide the full continuum of care for all stages of life. The system has more than 4,100 licensed hospital beds, 6,400 physicians with active staff privileges and more than 29,000 employees.</p> <h2>About United Regional Health Care System</h2> <p>United Regional Health Care System is located in Wichita Falls, Texas, and provides comprehensive medical care including inpatient and outpatient services, advanced diagnostics, surgical specialties, and life-saving emergency care to a nine-county service area. We have the area鈥檚 only Level II Trauma Center and serve as the Primary Stroke Center for the region. United Regional鈥檚 passion is to provide excellence in health care for the communities we serve. To accomplish this passion, the System continues to reinvest in advanced technology, modern facilities, and the recruitment and retention of highly skilled employees and physicians to ensure that the current and future medical needs of the area are met.</p> </div> <div class="col-md-4"> <div class="panel module-typeC"> <div class="panel-heading"> <h3 class="panel-title">Related Resources</h3> </div> <div class="panel-body"> <ul> <li><a href="/legal-documents/2023-11-02-lawsuit-challenges-federal-rule-ties-providers-hands-efforts-reach-their-communities">Lawsuit Overview</a></li> <li><a href="/press-releases/2023-11-02-hospital-associations-and-hospitals-file-lawsuit-challenging-federal-rule-ties-providers-hands-their">Press Release</a></li> <li><a href="/special-bulletin/2023-11-02-hospital-associations-and-hospitals-file-lawsuit-challenging-federal-rule-ties-providers-hands">Special Bulletin</a></li> <li><a href="/legal-documents/2023-11-02-case-complaint-aha-tha-thr-united-health-care-system-v-rainer">Case Complaint</a></li> <li><a href="/legal-documents/2023-11-02-case-explainer-american-hospital-association-v-rainer">Case Explainer</a></li> <li><a href="/frequently-asked-questions-faqs/2023-11-02-myth-vs-fact-hhs-ocr-online-tracking-rule">Myth vs. Fact Document</a></li> </ul> </div> </div> </div> </div> </div> Thu, 02 Nov 2023 08:56:55 -0500 Data Standards <div class="container"> <div class="row"> <div class="col-md-8"> <p>The 黑料正能量 Association (AHA), joined by the Texas Hospital Association, Texas Health Resources, and United Regional Health Care System, today sued the federal government to bar enforcement of an unlawful, harmful, and counterproductive rule that has upended hospitals鈥� and health systems鈥� ability to share health care information with the communities they serve, analyze their own websites to enhance accessibility, and improve public health.</p> <p>鈥淭he Department of Health and Human Services鈥� new rule restricting the use of critical third-party technologies has real-world impacts on the public, who are now unable to access vital health information. In fact, these technologies are so essential that federal agencies themselves still use many of the same tools on their own webpages, including Medicare.gov, Tricare.mil, Health.mil, and various Veterans Health Administration sites. We cannot understand why HHS created this 鈥榬ule for thee but not for me,鈥欌€� said Rick Pollack, AHA President and CEO.</p> <p>Today鈥檚 lawsuit challenges a 鈥淏ulletin鈥� issued by the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) entitled, <em>鈥淯se of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.鈥�</em> This December 2022 鈥淏ulletin鈥� restricts hospitals from using standard third-party web technologies that capture IP addresses on portions of hospitals鈥� public-facing webpages that address health conditions or health care providers. For example, under HHS鈥� new rule, if someone visited a hospital website on behalf of her elderly neighbor to learn more about Alzheimer鈥檚 disease, a hospital鈥檚 use of any third-party technology that captures an IP address from that visit would expose that hospital to federal enforcement actions and significant civil penalties.</p> <p>Hospitals and health systems have long honored the core objectives of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), America鈥檚 primary health care privacy law. Congress enacted this law to strike a balance between protecting patients鈥� health information and ensuring the flow of information needed to provide communities with high quality care. The Bulletin, which HHS issued without consulting health care providers, third-party technology vendors, or the public at large, upsets HIPAA鈥檚 careful balance, preventing hospitals from using commonplace web technologies to analyze use of their websites and communicate effectively with the populations they serve.</p> <p>As alleged in the complaint, HHS鈥� Medicare.gov, the Department of Defense Military Health System and Defense Health Agency, and various U.S. Veterans Health Administration sites continue to use these third-party technologies despite being covered entities under HIPAA. For example, forensic tools revealed that the Veterans Health Administration uses analytics and advertising tools on a wide range of sites, including online resources that describe the symptoms of post-traumatic stress disorder and point veterans to available treatment options. While dozens of hospitals across the country have received enforcement threats, and hospitals are currently under active investigation by OCR, the federal government has not halted its own use of these vital tools.</p> <p>Web tools that are ineffective without access to IP-address information include analytics software, video technologies that offers the public education and information on health conditions, translation and accessibility services and digital maps among others.</p> <p>The suit alleges that HHS鈥� new rule exceeds its statutory authority under HIPAA. That statute allows hospitals to rely on third-party tools that capture IP address information because that information cannot reasonably be used to identify an individual whose health care relates to the webpage visit. By restricting use of these common tools on public-facing webpages on this basis, OCR violated HIPAA and has acted without legal authority. In addition, the suit alleges that OCR unlawfully issued this Bulletin without providing any reasoning supporting its novel legal assertions, without acknowledging the government鈥檚 own use of implicated third-party technologies, and without following required notice-and-comment rulemaking processes. Prior to issuing this rule, the federal government did not consult with hospitals and health systems about their use of third-party technologies that depend on the collection of IP addresses or the impact that its new rule would have on patients or communities. Instead, the agency began aggressively threatening regulatory enforcement and serious civil penalties against hospitals and health systems. After attempts to engage with HHS officials to educate them about the impact of their new rule, the AHA determined that it was necessary to file suit on behalf of its members to prevent the agency from unlawfully penalizing hospitals.</p> <p><strong>For additional information about the lawsuit and the issue, visit <a href="/legal-documents/2023-11-02-lawsuit-challenges-federal-rule-ties-providers-hands-efforts-reach-their-communities" target="_blank">AHA's lawsuit webpage</a>.</strong></p> <h2>Further Questions</h2> <p>If you have further questions, please contact Chad Golder at <a href="mailto:cgolder@aha.org?subject=Special Bulletin: Hospital Associations and Hospitals File Lawsuit Challenging Federal Rule That Ties Providers鈥� Hands In Their Efforts to Reach the Communities They Serve">cgolder@aha.org</a>.</p> </div> <div class="col-md-4"> <div class="panel module-typeC"> <div class="panel-heading"> <h3 class="panel-title">Related Resources</h3> </div> <div class="panel-body"> <ul> <li><a href="/legal-documents/2023-11-02-lawsuit-challenges-federal-rule-ties-providers-hands-efforts-reach-their-communities">Lawsuit Overview</a></li> <li><a href="/press-releases/2023-11-02-hospital-associations-and-hospitals-file-lawsuit-challenging-federal-rule-ties-providers-hands-their">Press Release</a></li> <li><a href="/special-bulletin/2023-11-02-hospital-associations-and-hospitals-file-lawsuit-challenging-federal-rule-ties-providers-hands">Special Bulletin</a></li> <li><a href="/legal-documents/2023-11-02-case-complaint-aha-tha-thr-united-health-care-system-v-rainer">Case Complaint</a></li> <li><a href="/legal-documents/2023-11-02-case-explainer-american-hospital-association-v-rainer">Case Explainer</a></li> <li><a href="/frequently-asked-questions-faqs/2023-11-02-myth-vs-fact-hhs-ocr-online-tracking-rule">Myth vs. Fact Document</a></li> </ul> </div> </div> <hr> <p><a href="/system/files/media/file/2023/11/Special-Bulletin-Hospital-Associations-and-Hospitals-File-Lawsuit-Challenging-Federal-Rule.pdf" target="_blank" title="Click here to download the Special Bulletin: Hospital Associations and Hospitals File Lawsuit Challenging Federal Rule That Ties Providers鈥� Hands In Their Efforts to Reach the Communities They Serve PDF."><img alt="Special Bulletin: Hospital Associations and Hospitals File Lawsuit Challenging Federal Rule That Ties Providers鈥� Hands In Their Efforts to Reach the Communities They Serve page 1." data-entity-type="file" data-entity-uuid="c3488be6-06a3-4d7f-ab55-cd3d64d32b50" src="/sites/default/files/inline-images/Page-1-Special-Bulletin-Hospital-Associations-and-Hospitals-File-Lawsuit-Challenging-Federal-Rule.png" width="1692" height="2189"></a></p> </div> </div> </div> Thu, 02 Nov 2023 08:23:25 -0500 Data Standards /legal-documents/2023-11-02-case-explainer-american-hospital-association-v-rainer <div class="container"> <div class="row"> <div class="col-md-8"> <h2><span>What is this case about?</span></h2> <p><em>黑料正能量 Association (AHA) v. Rainer</em> concerns a new rule from the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) that severely restricts hospitals鈥� ability to rely on common third-party technologies that they use to analyze their websites and communicate reliable, accurate health information to the communities they serve. A massive overreach by the federal bureaucracy, the HHS rule exceeds the government鈥檚 statutory and constitutional authority, fails to satisfy the requirements for agency rulemaking, and harms the very people it purports to protect.</p> </div> <div class="col-md-4"> <div class="external-link spacer"><a class="btn btn-wide btn-primary" href="/system/files/media/file/2023/11/Case-Explainer-American-Hospital-Association-v-Rainer.pdf" target="_blank" title="Click here to download the Case Explainer: 黑料正能量 Association v. Rainer PDF.">Download the Case Explainer PDF</a></div> </div> </div> <div class="row"> <div class="col-md-8"> <p>Without soliciting input or feedback from the public or health care providers, and without following legally required notice-and-comment rulemaking processes, HHS-OCR issued this new rule in December 2022 and has since aggressively threatened regulatory enforcement and serious civil penalties against hospital systems and telehealth providers. The AHA, alongside the Texas Hospital Association, Texas Health Resources, and United Regional Health Care System, has filed a lawsuit in federal court seeking to enjoin the government鈥檚 enforcement of this new rule (known as the 鈥淏ulletin鈥�).</p> <h2><span>What鈥檚 at stake?</span></h2> <p>The AHA, along with its co-plaintiffs in this case, allege that the OCR Bulletin is unlawful, harmful, and counterproductive. That new rule ties hospitals鈥� hands when it comes to using their websites to reach the communities they serve with important and truthful health information, and it upsets the careful balance that the Health Insurance Portability and Accountability Act of 1996 (HIPAA) 鈥� America鈥檚 primary health care privacy law 鈥� strikes between privacy-protection and information-sharing.</p> <p>Providers are now unable to use third-party technologies to enhance their websites and better reach members of their communities. Web tools that are ineffective because of the new rule include:</p> <div class="row"> <div class="col-md-2"> <p><img alt="Analytics software icon" data-entity-type="file" data-entity-uuid="d94eecc2-1698-4e1a-8392-ca1d38143b56" src="/sites/default/files/inline-images/analytics-software-icon.png" width="72" height="72" class="align-right"></p> </div> <div class="col-md-10"> <p><strong>Analytics software</strong> that converts interactions with hospital web pages into critical data, such as the level and concentration of community concern on particular medical questions or the areas of a hospital website on which people have trouble navigating.</p> </div> </div> <div class="row"> <div class="col-md-2"> <p><img alt="Video technologies icon" data-entity-type="file" data-entity-uuid="c99d2b86-1923-4d0f-a4bf-6bb3127657ca" src="/sites/default/files/inline-images/video-technologies-icon.png" width="72" height="72" class="align-right"></p> </div> <div class="col-md-10"> <p><strong>Video technologies</strong> that allow hospitals to offer a wide range of information and education materials to the public, including visuals that educate the community about particular health conditions and that allow visitors to virtually tour the facilities where particular procedures are performed.</p> </div> </div> <div class="row"> <div class="col-md-2"> <p><img alt="Translation and accessibility services icon" data-entity-type="file" data-entity-uuid="466059d6-72d8-42e1-b590-20405682a5ff" src="/sites/default/files/inline-images/translation-and-accessibility-service-icon.png" width="72" height="72" class="align-right"></p> </div> <div class="col-md-10"> <p><strong>Translation and accessibility services</strong> that help persons with limited English proficiency and people with disabilities access vital health care information on hospitals鈥� webpages.</p> </div> </div> <div class="row"> <div class="col-md-2"> <p><img alt="Digital maps icon" data-entity-type="file" data-entity-uuid="ef38859b-c02a-4e39-9532-f9a8d52711e2" src="/sites/default/files/inline-images/digital-maps-icon.png" width="72" height="72" class="align-right"></p> </div> <div class="col-md-10"> <p><strong>Digital maps</strong> that provide information about where health care services are available, including embedded applications that provide public transportation schedules or driving directions to and from a community member鈥檚 location.</p> </div> </div> <p>These third-party technologies are so essential that the federal government itself uses them for agency web pages that are covered entities under HIPAA 鈥� including HHS鈥� Medicare.gov, Tricare鈥檚 tricare.mil, and various Veterans Health Administration sites. For example, forensic tools indicate that the Veterans Health Administration uses analytics and advertising tools on a wide range of sites, including online resources describing the symptoms of post-traumatic stress disorder and pointing veterans to available treatment options.</p> <p><img alt="U. S. Department of Veterans Affairs website screenshot." data-entity-type="file" data-entity-uuid="904ca6f6-5383-4ad2-8594-7b7cb646209e" src="/sites/default/files/inline-images/US-Department-of-Veterans-Affairs-website-screencap-with-red-highlights.png" width="796" height="522"></p> <h2><span>Background and Case History</span></h2> <ul> <li><span><strong>Understanding OCR鈥檚 Bulletin:</strong></span> In December 2022, OCR released new guidance entitled <em>鈥淯se of Online Tracking Technologies by HIPAA Covered Entities and Business Associates,鈥�</em> which restricts hospitals from using third-party technologies that capture IP addresses on the portions of hospitals鈥� public-facing webpages that address health conditions or health care providers. Broadly treating IP addresses as protected information under HIPAA, this new rule subjects hospitals to enforcement actions and civil penalties under HIPAA if they do not comply with OCR鈥檚 new rule, forcing providers to strip their websites of these valuable technologies. OCR has since sent letters directly to hospitals threatening enforcement actions if they do not comply with the guidance, and OCR officials have publicly stated that they are conducting investigations into hospitals and health systems across the country to highlight its message.</li> <li><span><strong>Defining Private Health Data Under HIPAA:</strong></span> HIPAA prohibits health care providers from disclosing information that relates to a particular individual鈥檚 health, care, or payment for care, and that could reasonably be used to identify the same individual. OCR鈥檚 Bulletin provides no basis or evidence suggesting that an IP address鈥檚 web visit can be used to identify the individual whose health, care, or payment for care actually relates to the web visit. For example, someone may visit a hospital鈥檚 public-facing website to search for information on behalf of a family member, friend, or neighbor. Or that person may just have general curiosity about a health-related topic in the news. When she visits a hospital鈥檚 website and necessarily provides her IP-address鈥攁s all web visitors do鈥攕he is not disclosing private information within the statutory meaning of HIPAA. By reaching beyond the law to forbid hospitals from using these tools on public-facing webpages, OCR exceeded its statutory authority. In fact, one federal court in Illinois has already held that OCR鈥檚 rule 鈥済oes well beyond the meaning of what the [HIPAA] statute can bear.鈥� <em>Kurowski v. Rush Sys. for Health,</em> 2023 WL 4707184, at *4 (N.D. Ill. July 24, 2023).</li> <li><span><strong>Legally Required Reasoning, Rulemaking Process:</strong></span> OCR unlawfully issued the Bulletin without providing any reasoning supporting its novel legal assertions or acknowledging the government鈥檚 own use of implicated third-party technologies by agencies that are covered entities under HIPAA. Further, prior to issuing its new rule, OCR did not consult hospitals and health systems about their use of online technologies or the impact that its new rule would have on potential patients or community members, and therefore it failed to follow the legally required notice-and-comment rulemaking process. The AHA sought to educate OCR about the widespread adverse impacts of this rule. After several months of outreach, the AHA was finally given an audience with OCR, but OCR refused to address any of the concerns raised by the AHA. Instead, OCR and the Federal Trade Commission sent letters to 130 hospitals (including Plaintiff Texas Health Resources) and telehealth providers threatening enforcement action, and later publicized the names of the letter-recipients on the agencies鈥� websites.</li> <li><span><strong>The AHA鈥檚 Objectives in Court: </strong></span>Through this lawsuit, the AHA is asking the district court to prevent OCR from enforcing this unlawful rule, so that the HIPAA balance is restored. More specifically, plaintiffs are seeking (1) declaratory judgment that IP addresses are not considered individually identifiable health information under statutory and regulatory definitions, (2) a permanent freeze on OCR鈥檚 enforcement of this rule, and (3) further relief that the court may deem just and proper 鈥� including, but not limited to, reasonable fees and costs.</li> </ul> <h2><span>About the 黑料正能量 Association</span></h2> <p>The 黑料正能量 Association (AHA) is a not-for-profit association of health care provider organizations and individuals that are committed to the health improvement of their communities. The AHA advocates on behalf of our nearly 5,000 member hospitals, health systems and other health care organizations, our clinician partners 鈥� including more than 270,000 affiliated physicians, 2 million nurses and other caregivers 鈥� and the 43,000 health care leaders who belong to our professional membership groups. Founded in 1898, the AHA provides insight and education for health care leaders and is a source of information on health care issues and trends. For more information, visit the AHA website at <a href="/">www.aha.org</a>. For media inquiries, please contact the AHA鈥檚 Senior Vice President, Communications Alicia Mitchell: <a href="mailto:amitchell@aha.org?subject=Case Explainer: 黑料正能量 Association v. Rainer">amitchell@aha.org</a>.</p> </div> <div class="col-md-4"> <div class="panel module-typeC"> <div class="panel-heading"> <h3 class="panel-title">Related Resources</h3> </div> <div class="panel-body"> <ul> <li><a href="/legal-documents/2023-11-02-lawsuit-challenges-federal-rule-ties-providers-hands-efforts-reach-their-communities">Lawsuit Overview</a></li> <li><a href="/press-releases/2023-11-02-hospital-associations-and-hospitals-file-lawsuit-challenging-federal-rule-ties-providers-hands-their">Press Release</a></li> <li><a href="/special-bulletin/2023-11-02-hospital-associations-and-hospitals-file-lawsuit-challenging-federal-rule-ties-providers-hands">Special Bulletin</a></li> <li><a href="/legal-documents/2023-11-02-case-complaint-aha-tha-thr-united-health-care-system-v-rainer">Case Complaint</a></li> <li><a href="/legal-documents/2023-11-02-case-explainer-american-hospital-association-v-rainer">Case Explainer</a></li> <li><a href="/frequently-asked-questions-faqs/2023-11-02-myth-vs-fact-hhs-ocr-online-tracking-rule">Myth vs. Fact Document</a></li> </ul> </div> </div> <hr> <p><a href="/system/files/media/file/2023/11/Case-Explainer-American-Hospital-Association-v-Rainer.pdf" target="_blank" title="Click here to download the Case Explainer: 黑料正能量 Association v. Rainer PDF."><img alt="Case Explainer: 黑料正能量 Association v. Rainer page 1." data-entity-type="file" data-entity-uuid="90d74f86-b3f4-4390-aadb-246a64078d89" src="/sites/default/files/inline-images/Page-1-Case-Explainer-American-Hospital-Association-v-Rainer.png" width="695" height="900"></a></p> </div> </div> </div> Thu, 02 Nov 2023 06:00:00 -0500 Data Standards <div class="container"> <div class="row"> <div class="col-md-8"> <p>Without consulting health care providers or complying with legally required processes, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently issued a new rule restricting hospitals from using third-party technologies that capture IP addresses on the portions of hospitals鈥� public-facing webpages that address health conditions or health care providers. This new rule 鈥� known as the Bulletin 鈥� has prevented hospitals and health systems from reaching the communities they serve and upended their ability to share critical health information with the public.</p> </div> <div class="col-md-4"> <div class="external-link spacer"><a class="btn btn-wide btn-primary" href="/system/files/media/file/2023/11/Myth-vs-Fact-HHS-OCR-Online-Tracking-Rule.pdf" target="_blank" title="Click here to download the Myth vs. Fact: HHS-OCR Online Tracking Rule PDF.">Download the Myth vs. Fact PDF</a></div> </div> </div> <div class="row"> <div class="col-md-8"> <p>After attempts to engage OCR officials to educate them about the impact of their new rule, the 黑料正能量 Association (AHA) determined it was necessary but to file a lawsuit on behalf of its members that wish to use their websites to provide the communities they serve with critical health care information without fear of repercussions. Below is a list of OCR鈥檚 claims about these third-party technologies and its Bulletin, along with the realities of how these technologies function and how the new rule was issued.</p> .th1 { background-color: #003087; color: white; } .th2 { background-color: #307fe2; color: white; } table, th, td { border: 1px solid; } <table> <tbody> <tr> <th class="th1">OCR Claim</th> <th class="th2">Facts</th> </tr> <tr> <td> <p><strong>OCR Claim #1:</strong><br> Online technologies violate HIPAA.</p> </td> <td> <p>protects patients鈥� health information without compromising the flow of health care information to the public. These technologies allow providers to use nonprivate information from publicly accessible websites to improve care and disseminate accurate, reliable information 鈥� something the federal government itself encourages. These technologies do not disclose private information from patient records or billing statements. And the AHA does not seek to allow the use of third-party technologies on the password-protected portions of hospitals鈥� websites such as patient portals.</p> <p>OCR鈥檚 Bulletin provides no basis or evidence suggesting that an IP address鈥檚 public website visit can be used to identify the individual whose health, care, or payment for care relates to the website visit. By reaching beyond the law to forbid using these tools on public-facing webpages, OCR exceeded its authority under HIPAA.</p> </td> </tr> <tr> <td> <p><strong>OCR Claim #2:</strong><br> The risks associated with online technologies outweigh the benefits.</p> </td> <td> <p>Without access to IP-address information, the following commonplace web tools are ineffective:</p> <ol> <li><strong>Analytics software</strong> that converts interactions with hospital web pages into critical data, such as the specific medical concerns in various communities and the areas of hospital websites that are difficult to navigate.</li> <li><strong>Video technologies</strong> that educate communities on health conditions, allow visitors to virtually tour the facilities where procedures are performed, etc.</li> <li><strong>Translation and accessibility services</strong> that help people with limited English proficiency and people with disabilities access vital health care information on hospitals鈥� webpages.</li> <li><strong>Digital maps</strong> that provide information about where health care services are available, including embedded applications with public transportation schedules and driving directions.</li> </ol> </td> </tr> <tr> <td> <p><strong>OCR Claim #3:</strong><br> Online technologies have no place on health care websites.</p> </td> <td> <p>These third-party technologies are so essential that the government itself uses them on the webpages of agencies covered under HIPAA, including <a href="https://www.medicare.gov/" target="_blank">Medicare.gov</a>, <a href="https://tricare.mil/" target="_blank">Tricare.mil</a>, and the Veterans Health Administration.</p> <p>For example, forensic tools show that the Veterans Health Administration uses analytics and advertising software on a range of sites, including online resources on the symptoms of and treatment options for post-traumatic stress disorder.</p> </td> </tr> <tr> <td> <p><strong>OCR Claim #4:</strong><br> OCR met with the AHA to learn about the concerns with the Bulletin from hospitals and health systems before issuing it.</p> </td> <td> <p>OCR unlawfully issued its Bulletin without providing any reasoning to support its novel legal assertions and without undertaking standard, required notice-and-comment rulemaking processes. Prior to issuing its new rule, OCR did not consult hospitals and health systems about their use of online technologies or the impact that its new rule would have on potential patients or community members.</p> <p>After repeated attempts by the AHA to schedule a meeting, the OCR finally agreed to sit down with the AHA last spring, but the agency refused to address any of the AHA鈥檚 concerns. Instead, OCR and the Federal Trade Commission sent letters to 130 hospitals and telehealth providers threatening enforcement and later publishing the providers鈥� names. Some of these hospitals had no idea why they received a letter before their names were published, and many had long disabled these valuable third-party technologies to avoid the very enforcement threats that OCR made in these letters</p> </td> </tr> <tr> <td> <p><strong>OCR Claim #5:</strong><br> The fact that an IP address searched for health information can be used to identify the person whose health care relates to the search. That is why the combination of an IP address and webpage visits should be protected health care information.</p> </td> <td>This is not protected information under the law because it cannot reasonably be used to identify the individual whose health care actually relates to the webpage visit. For example, the user could be searching for health information on behalf of a family member or for research purposes, but under OCR鈥檚 new rule, the visits to public-facing webpages are subject to HIPAA restrictions.</td> </tr> </tbody> </table> <h2>About the 黑料正能量 Association</h2> <p>The 黑料正能量 Association (AHA) is a not-for-profit association of health care provider organizations and individuals that are committed to the health improvement of their communities. The AHA advocates on behalf of our nearly 5,000 member hospitals, health systems and other health care organizations, our clinician partners 鈥� including more than 270,000 affiliated physicians, 2 million nurses and other caregivers 鈥� and the 43,000 health care leaders who belong to our professional membership groups. Founded in 1898, the AHA provides insight and education for health care leaders and is a source of information on health care issues and trends. For more information, visit the AHA website at <a href="/">www.aha.org</a>.</p> </div> <div class="col-md-4"> <div class="panel module-typeC"> <div class="panel-heading"> <h3 class="panel-title">Related Resources</h3> </div> <div class="panel-body"> <ul> <li><a href="/legal-documents/2023-11-02-lawsuit-challenges-federal-rule-ties-providers-hands-efforts-reach-their-communities">Lawsuit Overview</a></li> <li><a href="/press-releases/2023-11-02-hospital-associations-and-hospitals-file-lawsuit-challenging-federal-rule-ties-providers-hands-their">Press Release</a></li> <li><a href="/special-bulletin/2023-11-02-hospital-associations-and-hospitals-file-lawsuit-challenging-federal-rule-ties-providers-hands">Special Bulletin</a></li> <li><a href="/legal-documents/2023-11-02-case-complaint-aha-tha-thr-united-health-care-system-v-rainer">Case Complaint</a></li> <li><a href="/legal-documents/2023-11-02-case-explainer-american-hospital-association-v-rainer">Case Explainer</a></li> <li><a href="/frequently-asked-questions-faqs/2023-11-02-myth-vs-fact-hhs-ocr-online-tracking-rule">Myth vs. Fact Document</a></li> </ul> </div> </div> <hr> <p><a href="/system/files/media/file/2023/11/Myth-vs-Fact-HHS-OCR-Online-Tracking-Rule.pdf" target="_blank" title="Click here to download the Myth vs. Fact: HHS-OCR Online Tracking Rule PDF."><img alt="Myth vs. Fact: HHS-OCR Online Tracking Rule page 1." data-entity-type="file" data-entity-uuid="c8e629d2-4411-42b5-af3e-f29bc04235d7" src="/sites/default/files/inline-images/Page-1-Myth-vs-Fact-HHS-OCR-Online-Tracking-Rule.png" width="695" height="900"></a></p> </div> </div> </div> Thu, 02 Nov 2023 06:00:00 -0500 Data Standards /legal-documents/2023-11-02-lawsuit-challenges-federal-rule-ties-providers-hands-efforts-reach-their-communities <div class="container"> <div class="row"> <div class="col-md-8"> <p>The 黑料正能量 Association (AHA), joined by the Texas Hospital Association, Texas Health Resources, and United Regional Health Care System, today sued the federal government to bar enforcement of an unlawful, harmful, and counterproductive rule that has upended hospitals鈥� and health systems鈥� ability to share health care information with the communities they serve, analyze their own websites to enhance accessibility, and improve public health.</p> <p>鈥淭he Department of Health and Human Services鈥� new rule restricting the use of critical third-party technologies has real-world impacts on the public, who are now unable to access vital health information. In fact, these technologies are so essential that federal agencies themselves still use many of the same tools on their own webpages, including Medicare.gov, Tricare.mil, Health.mil, and various Veterans Health Administration sites. We cannot understand why HHS created this 鈥榬ule for thee but not for me,鈥欌€� said Rick Pollack, AHA President and CEO.</p> <p>Today鈥檚 lawsuit challenges a 鈥淏ulletin鈥� issued by the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) entitled, <em>鈥淯se of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.鈥�</em> This December 2022 鈥淏ulletin鈥� restricts hospitals from using standard third-party web technologies that capture IP addresses on portions of hospitals鈥� public-facing webpages that address health conditions or health care providers. For example, under HHS鈥� new rule, if someone visited a hospital website on behalf of her elderly neighbor to learn more about Alzheimer鈥檚 disease, a hospital鈥檚 use of any third-party technology that captures an IP address from that visit would expose that hospital to federal enforcement actions and significant civil penalties.</p> <p>Hospitals and health systems have long honored the core objectives of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), America鈥檚 primary health care privacy law. Congress enacted this law to strike a balance between protecting patients鈥� health information and ensuring the flow of information needed to provide communities with high quality care. The Bulletin, which HHS issued without consulting health care providers, third-party technology vendors, or the public at large, upsets HIPAA鈥檚 careful balance, preventing hospitals from using commonplace web technologies to analyze use of their websites and communicate effectively with the populations they serve.</p> <p>As alleged in the complaint, HHS鈥� Medicare.gov, the Department of Defense Military Health System and Defense Health Agency, and various U.S. Veterans Health Administration sites continue to use these third-party technologies despite being covered entities under HIPAA. For example, forensic tools revealed that the Veterans Health Administration uses analytics and advertising tools on a wide range of sites, including online resources that describe the symptoms of post-traumatic stress disorder and point veterans to available treatment options. While dozens of hospitals across the country have received enforcement threats, and hospitals are currently under active investigation by OCR, the federal government has not halted its own use of these vital tools.</p> <p>Web tools that are ineffective without access to IP-address information include analytics software, video technologies that offers the public education and information on health conditions, translation and accessibility services and digital maps among others.</p> <p>The suit alleges that HHS鈥� new rule exceeds its statutory authority under HIPAA. That statute allows hospitals to rely on third-party tools that capture IP address information because that information cannot reasonably be used to identify an individual whose health care relates to the webpage visit. By restricting use of these common tools on public-facing webpages on this basis, OCR violated HIPAA and has acted without legal authority. In addition, the suit alleges that OCR unlawfully issued this Bulletin without providing any reasoning supporting its novel legal assertions, without acknowledging the government鈥檚 own use of implicated third-party technologies, and without following required notice-and-comment rulemaking processes. Prior to issuing this rule, the federal government did not consult with hospitals and health systems about their use of third-party technologies that depend on the collection of IP addresses or the impact that its new rule would have on patients or communities. Instead, the agency began aggressively threatening regulatory enforcement and serious civil penalties against hospitals and health systems. After attempts to engage with HHS officials to educate them about the impact of their new rule, the AHA determined that it was necessary to file suit on behalf of its members to prevent the agency from unlawfully penalizing hospitals.</p> </div> <div class="col-md-4"> <div class="panel module-typeC"> <div class="panel-heading"> <h3 class="panel-title">Related Resources</h3> </div> <div class="panel-body"> <ul> <li><a href="/press-releases/2023-11-02-hospital-associations-and-hospitals-file-lawsuit-challenging-federal-rule-ties-providers-hands-their">Press Release</a></li> <li><a href="/special-bulletin/2023-11-02-hospital-associations-and-hospitals-file-lawsuit-challenging-federal-rule-ties-providers-hands">Special Bulletin</a></li> <li><a href="/legal-documents/2023-11-02-case-complaint-aha-tha-thr-united-health-care-system-v-rainer">Case Complaint</a></li> <li><a href="/legal-documents/2023-11-02-case-explainer-american-hospital-association-v-rainer">Case Explainer</a></li> <li><a href="/frequently-asked-questions-faqs/2023-11-02-myth-vs-fact-hhs-ocr-online-tracking-rule">Myth vs. Fact Document</a></li> </ul> </div> </div> </div> </div> </div> Thu, 02 Nov 2023 06:00:00 -0500 Data Standards /aha-center-health-innovation-market-scan/2022-02-22-it-time-develop-digital-hippocratic-oath <div class="container"> <div class="row"> <div class="col-md-8"> <p><img alt="Is It Time to Develop a Digital Hippocratic Oath? A physician's left hand hand is raised toward a digital display of the Oath of Hippocrates." data-entity-type="file" data-entity-uuid="38b7fad6-282f-41c8-9ed4-e48f4001fe0a" src="/sites/default/files/inline-images/is-it-time-to-develop-a-digital-Hippocratic-oath.jpg" width="620" height="381"></p> <p>The Hippocratic oath has provided an ethical guide for physicians for centuries. Yet, for all its renowned value in protecting the health and privacy of patients, some believe the document needs an update to reflect the current digital world.</p> <p>A <a href="https://medicalfuturist.com/why-an-upgraded-hippocratic-oath-is-needed-in-the-digital-era/" target="_blank" title="The Medical Futurist: An Upgraded Hippocratic Oath Is Needed In The Digital And A.I. Era">recent essay in The Medical Futurist</a> offers a proposal for renewing the Hippocratic oath鈥檚 principles to reflect the current digital world. It calls for acknowledging the transformative impact medical technologies like artificial intelligence and robotics have in providing care. Another recommendation calls for updating language about patient privacy to include data privacy.</p> <p>Adjusting the Hippocratic oath could help younger physicians better relate to its overall principles, while older practitioners could take more inspiration to work from it, the proposal notes. It also calls for physicians to never lose sight of what鈥檚 most important when delivering treatment.</p> <p>鈥淚 will remember that I do not treat a fever chart, a cancerous growth or an algorithm鈥檚 suggestion, but a sick human being,鈥� one proposal states.</p> <p>Another recent call for modernizing the Hippocratic oath appeared in <a href="https://www.statnews.com/2022/02/15/creating-a-digital-hippocratic-oath-for-the-21st-century/" target="_blank" title="STAT News: Creating a digital Hippocratic oath for the 21st century">Stat News</a>. The report鈥檚 authors, one of whom works for <a href="https://www.graphitehealth.io/" target="_blank" title="Graphite Health homepage">Graphite Health</a> 鈥� a nonprofit enterprise established by health systems including Kaiser Permanente and Intermountain Healthcare to transform care delivery 鈥� shared the company鈥檚 four updated principles for the Hippocratic oath.</p> <ul> <li><strong>Autonomy:</strong> We will allow patients to decide how their data are used.</li> <li><strong>Beneficence:</strong> We will make health care easier to access, understand and use.</li> <li><strong>Non-maleficence:</strong> We will protect and secure patient data.</li> <li><strong>Justice:</strong> We will ask, 鈥淲hat would I want for my own patient care and for my family?鈥� for all decisions.</li> </ul> <p>A key element to the Graphite Health oath is requiring health systems and external vendors with whom it works 鈥� particularly tech companies and app developers 鈥� to adopt it.</p> <p>Graphite will require partners to agree to follow the code of conduct and other requirements before receiving a certificate that all participating health systems can view. This action should make the code enforceable by the Federal Trade Commission should Graphite Health鈥檚 partners mislead customers in failing to adhere to it, the report states.</p> </div> <div class="col-md-4"> <p><a href="/center" title="Visit the AHA Center for Health Innovation landing page."><img alt="AHA Center for Health Innovation logo" data-entity- data-entity-uuid="7ade6b12-de98-4d0b-965f-a7c99d9463c5" src="/sites/default/files/inline-images/logo-aha-innovation-center-color-sm.jpg" type="file" class="align-center"></a></p> <a href="/center/form/innovation-subscription"><img alt data-entity-type data-entity-uuid src="/sites/default/files/2019-04/Market_Scan_Call_Out_360x300.png"></a></div> </div> </div> .field_featured_image { position: absolute; overflow: hidden; clip: rect(0 0 0 0); height: 1px; width: 1px; margin: -1px; padding: 0; border: 0; } .featured-image{ position: absolute; overflow: hidden; clip: rect(0 0 0 0); height: 1px; width: 1px; margin: -1px; padding: 0; border: 0; } Tue, 22 Feb 2022 06:00:00 -0600 Data Standards /news/headline/2019-05-03-nist-issues-draft-framework-help-organizations-manage-data-privacy-risk <p>The Department of Commerce鈥檚 National Institute of Standards and Technology this week released for comment a draft <a href="https://csrc.nist.gov/publications/detail/white-paper/2019/04/30/nist-privacy-framework-discussion-draft/draft">framework</a> to help organizations that deliver or use data processing systems, products or services manage privacy risk. The draft framework aligns with NIST鈥檚 <a href="https://csrc.nist.gov/publications/detail/white-paper/2018/04/16/cybersecurity-framework-v11/final">framework</a> for reducing cybersecurity risks to the nation鈥檚 critical infrastructure, which includes health care and public health. NIST seeks feedback on whether the draft framework could be readily used as part of an organization鈥檚 risk management processes.</p> Fri, 03 May 2019 14:33:47 -0500 Data Standards