August 3, 2022

New HIPAA Privacy Guidance for Reproductive Health Care

In the wake of the U.S. Supreme Court’s ruling in Dobbs v. Jackson Women’s Health Organization, which allows states to regulate and prohibit abortion, the Department of Health and Human Services (HHS) issued new guidance regarding HIPAA’s privacy protections for reproductive health care. The guidance focuses on health care providers’ obligation under the HIPAA Privacy Rule to safeguard the privacy of patients’ protected health information (PHI) related to reproductive health care, including abortions.

Permitted Disclosures

According to HHS, the HIPAA Privacy Rule permits but does not require health care providers to disclose PHI without an individual’s authorization in certain situations where the disclosure is required by another law, for law enforcement purposes or to avert a serious threat to health or safety.

According to HHS, in the absence of a mandate enforceable in a court of law, the Privacy Rule does not permit health care providers to report a patient’s abortion to law enforcement. HHS also notes that it would be inconsistent with professional standards of ethical conduct to make a disclosure of PHI to law enforcement regarding an individual’s interest, intent or prior experience with reproductive health care.

The new guidance provides examples of different scenarios that may arise in states where abortion care is restricted or prohibited. It encourages health care providers to seek legal advice if they are unsure about their HIPAA compliance obligations.

Privacy of Health Information on Cell Phones

In addition, HHS released guidance for individuals addressing the extent to which private medical information is protected on personal cellphones and tablets. It also provides tips for safeguarding this information when using health information apps, such as menstrual cycle trackers.

 

 

HIPAA Compliance

  • Health care providers may disclose an individual’s PHI, without an authorization, only as expressly permitted or required by the HIPAA Privacy Rule.
  • Providers may disclose PHI in certain situations when required by law, for law enforcement purposes and to avert a serious threat to health or safety.
  • Health care providers are not required to disclose PHI to third parties, however.

 


 

Employers can share this new privacy guidance with employees who have questions about the privacy of reproductive health care information.

 

 

© 2022 Zywave, Inc. All rights reserved.

 

View Alert