HIPAA Update Proposed to Improve Reproductive Health Data Privacy
The Office for Civil Rights has proposed an update to the HIPAA Privacy Rule to improve the privacy of reproductive health information, which is currently being considered by the Biden Administration. Details of the proposed update have not been made public. OCR has only confirmed that a draft rule has been written and that the step was taken under its mandate to ensure non-discriminatory access to healthcare for all Americans. A spokesperson for OCR explained that OCR has participated in listening sessions and roundtable discussions with healthcare providers, patients, advocates, and state health officials, and the information gained was factored in when creating the draft rule.
That measure was taken in response to the decision of the Supreme Court in Dobbs v. Jackson Women’s Health Organization and the overturning of Roe v. Wade, which removed the federal right to abortion that had been in place for 5 decades. The decision did not ban abortions in the United States but made the legality of abortions a matter for state legislatures. Since the decision, 24/50 states have implemented bans or further restrictions, or are planning to do so. 12 states have implemented near-total bans on abortions.
Soon after the Supreme Court decision, the HHS’ Office for Civil Rights issued guidance to healthcare organizations on how the HIPAA Privacy Rule applies to disclosures of reproductive health information and confirmed that uses and disclosures are restricted to those that are necessary for treatment, payment, and healthcare operations. Most other disclosures are only permitted with patient authorization. OCR also confirmed that while disclosures of reproductive health information to law enforcement are permitted by the HIPAA Privacy Rule, they are not required, and disclosures to law enforcement should only occur when accompanied by a court order, and then the only information that should be disclosed is what has specifically been requested and is relevant to the requirements of law.
Even with this guidance, there are fears that states could compel healthcare providers to release information about patients that have sought abortions and use that information to prosecute those individuals. This month, two democratic Senators proposed the Secure Access for Essential Reproductive (SAFER) Health Act, which seeks to strengthen privacy protections for reproductive health data by updating HIPAA to prohibit disclosures of information related to abortion and pregnancy loss.
The bill was introduced by Senators Michael Bennet (D-CO) and Mazie Hirono (D-HI) and seeks to prohibit healthcare providers, health plans, healthcare clearinghouses, and business associates of those entities from disclosing patient information related to abortion and pregnancy loss unless patient consent has been obtained.
“No one should have to worry about being investigated or prosecuted for receiving or providing reproductive health care,” said Bennet. “This legislation will protect the privacy of patients who have had abortions, regardless of where they live or receive care.”
The SAFER Act instructs the HHS to revise HIPAA and the HITECH Act accordingly, and the Act would apply to federal, state, tribal, and local proceedings. The Act also calls for the HHS to launch a national campaign to educate HIPAA-regulated entities about the changes to HIPAA.
“If you get an abortion or experience pregnancy loss, you deserve to know that your medical records will remain private, unless you say otherwise—I think that is something we all can agree on,” said Hirono. “I will continue working to secure access to safe reproductive health care and fighting for women’s rights to control their own bodies.”