The ripple effect from the U.S. Supreme Court’s ruling in Dobbs v. Jackson Women’s Health Organization has prompted the federal Office of Health and Human Services (HHS) to reinforce core principles of privacy compliance. HHS issued guidance to re-educate providers and patients on what constitutes protected health information (PHI) and the circumstances in which it may be disclosed, or exposed, to third parties.
This summer, in the wake of the decision that overturned Roe v. Wade, President Joe Biden and HHS Secretary Xavier Becerra encouraged measures to protect access to abortion, pregnancy complications and other services related to sexual and reproductive health care. In response, the HHS Office for Civil Rights (OCR) issued new guidance for both patients and their providers addressing how laws such as HIPAA protect PHI from disclosure to third parties, and the extent to which this information is protected on personal digital devices.
Key takeaways:
- Disclosures of medical records for purposes unrelated to health care, such as to law enforcement officials, are only permitted without authorization as expressly allowed by the Privacy Rule.
- Federal and state regulations should prioritize a commitment to the individual’s privacy and right to seek health care, including across state lines.
- Concerns about lawmakers investigating period trackers, other health apps, payment records and even browsing data can be allayed by turning off location services and by selecting apps, browsers and search engines that support user security and privacy.
As part of the guidance, HHS indicated its Office of Civil Rights (OCR) would make investigations of privacy rights violations an enforcement priority.