HIPAA Horror Stories

HIPAA and Reproductive Health

one-minute read

When the Supreme Court overturned Roe v. Wade on June 24, 2022, a cascade of things happened affecting healthcare providers and women in their care. Concerns about privacy and where and how HIPAA applies are being discussed by lawmakers, providers and patients. More questions have been raised than answered and the situation is still unfolding. The landscape is chaotic. (Dobbs v. Jackson Women’s Health Organization)

One immediate change occurred when 13 states banned or severely curtailed abortion access overnight – these so-called “trigger laws” were already on the books and ready to go into effect immediately (with limited exceptions) once Roe was overturned. Another 13 states are expected to follow. By contrast, some states continue to allow abortions and have even strengthened protections for women seeking reproductive health care.

As a result, the Court’s ruling has left a patchwork of state laws, with many designed to both limit access to abortion and to punish providers providing reproductive health care. Providers are asking whether they will be required to disclose protected health information (PHI) to law enforcement or even be prosecuted themselves. Patients are concerned that they may be prosecuted if they seek reproductive health care.

HIPAA Privacy is Not Political

Although abortion is a heated topic politically, the fundamental right to privacy in healthcare has never been political. Protecting the confidentiality of communications between patient and physician has been the bedrock of quality healthcare since the time of Hippocrates in ancient Greece.

The Roe v. Wade decision, at its core, was about privacy. The Court said a “right to privacy” protects a pregnant woman’s right to choose an abortion. It relied on a string of cases that came before, where the Court acknowledged that an individual’s privacy was a fundamental right protected by the due process clause of the Constitution.

Roe was decided in 1973, nearly a quarter century before HIPAA became law in 1996. The recent Dobbs decision twenty-six years later does not change HIPAA, but many providers are asking practical questions about how to apply it while treating women for reproductive health.

OCR Issues New Guidance to Help

To help clear up some confusion, on June 29, 2022 the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR), the agency that enforces HIPAA, issued new Guidance for providers and to assist patients in protecting their privacy surrounding reproductive health.

The two new publications are:

The Guidance states that, in general, it does two things:

  1. addresses how federal law and regulations protect individuals’ private medical information (known as protected health information or PHI) relating to abortion and other sexual and reproductive health care – making it clear that providers are not required to disclose private medical information to third parties; and
  2. addresses the extent to which private medical information is protected on personal cell phones and tablets, and provides tips for protecting individuals’ privacy when using period trackers and other health information apps.

A Quick Summary of Both

Review of the HIPAA Privacy Rule

The HIPAA Privacy Rule supports access to healthcare by giving individuals confidence that their protected health information (PHI) will be kept private. The Guidance is a reminder that covered entities can use or disclose PHI, without an individual’s signed authorization, only as expressly permitted or required by the Privacy Rule.

In general, a covered entity is permitted, but not required, to disclose PHI in cases: required by law; for law enforcement purposes; or to avert a serious threat to health or safety. In each case, OCR emphasizes that the exceptions are narrowly tailored to protect the individual’s privacy and support their access to health services. The Guidance provides examples of each to illustrate how they might apply.

The Guidance also cautions that providers who may be concerned about their obligations to disclose PHI concerning reproductive health care should seek legal advice regarding their responsibilities under other federal and state laws.

Safeguard Privacy on Personal Devices

This Guidance is written for patients, explaining HIPAA basics and what it can and can not protect. The core message is that information generated by individuals (and stored or transmitted on personal devices) is not covered by HIPAA. However, there are steps individuals can take to increase their privacy and the Guidance outlines those steps for both Apple and Android devices.

Earlier this week we wrote about the proposed Health and Location Data Protection Act designed to prohibit data brokers from selling personal information gathered from personal devices. But that is not the law today. Unfortunately, our personal devices which provide so much convenience and quick access to information we want every day, also expose our own information to the outside world.

The HIPAA E-Tool® Stays Up to Date

Even during times of change, covered entities and business associates with The HIPAA E-Tool® don’t need to worry about whether they have the latest information. You can avoid chaos because we keep current on HIPAA law so you don’t have to.

The HIPAA E-Tool® makes compliance fast and easy. Get your free HIPAA Quick Start kit, complete with a webcam privacy guard, HIPAA Hot Zone labels and a HIPAA checklist delivered directly to your office.

Don’t become a HIPAA Horror Story! HIPAA compliance is easy, when you know the rules.

Request A Demo

Copyright © 2022 ET&C Group LLC.

The HIPAA E-Tool® and Protecting Patient Privacy is Our Job®
are registered trademarks of ET&C Group LLC

Terms of Service | Privacy Policy

Mailing Address
The HIPAA E-Tool
PO Box 179104
St. Louis, MO 63117-9104

8820 Ladue Road Suite 200
St. Louis, MO 63124

Free hipaa kit!

hipaa compliance Quick start kit
Delivered free