In the wake of the U.S. Supreme Court’s ruling in Dobbs v. Jackson Women’s Health Organization, which allows states to regulate and prohibit abortion, the Department of Health and Human Services (HHS) issued new guidance regarding HIPAA’s privacy protections for reproductive health care. The guidance focuses on health care providers’ obligation under the HIPAA Privacy Rule to safeguard the privacy of patients’ protected health information (PHI) related to reproductive health care, including abortions.
Permitted Disclosures
According to HHS, the HIPAA Privacy Rule permits but does not require health care providers to disclose PHI without an individual’s authorization in certain situations where the disclosure is required by another law, for law enforcement purposes or to avert a serious threat to health or safety.
According to HHS, in the absence of a mandate enforceable in a court of law, the Privacy Rule does not permit health care providers to report a patient’s abortion to law enforcement. HHS also notes that it would be inconsistent with professional standards of ethical conduct to make a disclosure of PHI to law enforcement regarding an individual’s interest, intent or prior experience with reproductive health care.
The new guidance provides examples of different scenarios that may arise in states where abortion care is restricted or prohibited. It encourages health care providers to seek legal advice if they are unsure about their HIPAA compliance obligations.
Privacy of Health Information on Cell Phones
In addition, HHS released guidance for individuals addressing the extent to which private medical information is protected on personal cellphones and tablets. It also provides tips for safeguarding this information when using health information apps, such as menstrual cycle trackers.
For a copy of this notice click here: New HIPAA Privacy Guidance for Reproductive Health Care