The Biden administration’s new rule aimed at safeguarding the privacy of protected health information related to lawful reproductive health care went into effect in June. Under the HIPAA Privacy Rule to Support Reproductive Health Care Privacy, healthcare providers are now barred from disclosing sensitive information such as contraception use, pregnancy-related care, and infertility treatments to law enforcement without patient consent.
Effective June 25, with compliance required by December 23, 2024, the rule addresses concerns that arose following the overturning of Roe v. Wade in June 2022. This decision prompted concern that patients seeking lawful reproductive health services across state lines could face unwarranted scrutiny, compromising their privacy and potentially exposing them to legal repercussions.
The rule mandates that HIPAA-covered entities must now obtain a signed attestation that the request is not for prohibited purposes before disclosing protected health information (PHI) for specific purposes like health oversight, judicial proceedings, and law enforcement inquiries.
In the coming months, the Office for Civil Rights plans to release a standardized attestation form to facilitate compliance with the new regulations. This measure aims to ensure that individuals can confidently access reproductive health care without fear of their private medical information being misused or exploited.
EMPLOYER CONSIDERATIONS
Healthcare providers, health plans, and healthcare clearinghouses regulated under the Final Rule must update their Notice of Privacy Practices (NPPs) to align with the requirements for safeguarding reproductive healthcare privacy.
Employers should update HIPAA policies and procedures to ensure they specify when an attestation is required to disclose PHI and train employees on the new rules.