Image: Wesley Tingey / Unsplash

Texas judge upholds hospitals’ right to use online tracking technology

A Texas federal judge ruled Thursday that the Biden administration’s efforts to rein in the use of online trackers by hospitals and other health providers are illegal.

The judge backed arguments from hospital trade groups and local healthcare systems who said the U.S. Department of Health and Human Services (HHS) went beyond its authority when it issued a policy around the technology, which it said was intended to protect the privacy of web users.

Issued in 2022, the HHS guidance cautioned health care providers that allowing third-party vendors to collect data from users of their websites could break the 1996 federal Health Insurance Portability and Accountability Act (HIPAA) law.

HIPAA prohibits the public sharing of private health information to protect against discrimination.

In July, the Federal Trade Commission and HHS reasserted the importance of the guidance, cautioning about 130 hospital systems and telehealth providers to beware of risks posed by tracking technologies, including Meta/Facebook Pixel and Google Analytics.

They warned that the technologies gather personal data in ways that consumers cannot easily avoid and cautioned that many consumers don’t know their health data is shared with third parties as a result of the tracking.

The judge’s ruling was first reported by Reuters.

The HHS Office of Civil Rights issued the guidance, which most entities interpret as rules, to address the increasingly widespread use of the online trackers, which can reveal a host of private information about patients, including diagnoses.

In April, the healthcare giant Kaiser Permanente alerted more than 13 million customers that their personal data may have been shared with third parties, including IP addresses, names and information showing how patients traveled across its website and searched its health encyclopedia.  

According to the ruling, HHS exceeded its authority by saying HIPAA protected health data also includes data culled from searches of public websites.

The judge, a Republican appointee of former President Donald Trump, struck down the guidance despite a recent HHS revision issued in the wake of a lawsuit filed by the American Hospital Association and other plaintiffs in November.

“Our nation’s bureaucratic apparatus would give Hobbes’ Leviathan a run for its money,” U.S. District Judge Mark Pittman wrote in his opinion. “Indeed, few are the facets of modern life untouched by the federal government’s administrative machinery, which is as sophisticated as it is complex.”

“As the old saying goes, ‘give an inch, they’ll take a mile,’” Pittman wrote.”And HHS has taken a mile.”

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Suzanne Smalley

Suzanne Smalley

is a reporter covering privacy, disinformation and cybersecurity policy for The Record. She was previously a cybersecurity reporter at CyberScoop and Reuters. Earlier in her career Suzanne covered the Boston Police Department for the Boston Globe and two presidential campaign cycles for Newsweek. She lives in Washington with her husband and three children.