How safe is health information after Roe’s overthrow?

[Image from Unsplash]

The U.S. Department of Health and Human Services today released guidelines designed to better protect women’s health information as state abortion bans take effect after the state Supreme Court struck down States of Roe v. Wade.

Despite HHS actions, women may still wonder if their health information is completely secure in the future – a potential challenge for creators of digital health software.

New guidance from the HHS Office for Civil Rights (OCR) outlines when the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule permits disclosure of PSR without an individual’s permission. Her exit comes amid calls for women on social media to remove period-tracking apps. (The New York Timeshowever, reports the opposite is happening, with a Berlin-based rule-tracking app company called Clue saying it won’t comply with US law enforcement seeking information.)

“Your access to health care should not make you a target of discrimination. HHS stands with patients and providers to protect HIPAA privacy rights and reproductive health care information,” HHS Secretary Xavier Becerra said in a press release. “Anyone who believes their privacy rights have been violated can file a complaint with the OCR, as we are making this an enforcement priority. Today’s action is part of my commitment to President Biden to protect access to health care, including abortion care and other forms of sexual and reproductive health care.

It appears, however, that there are instances where women in abortion-banning states might find law enforcement with access to health information. For example, here is an example provided in the new guidelines:

“A person visits a hospital emergency department experiencing complications from a miscarriage in the tenth week of pregnancy. A hospital staff member suspects the person of having taken medication to terminate the pregnancy. State or other law prohibits abortion after six weeks of pregnancy, but does not require the hospital to report individuals to law enforcement. When state law does not expressly require such a declarationconfidentiality rule would be not [emphasis in original] permit disclosure to law enforcement under the authority “required by law”. Therefore, such disclosure would be impermissible and would constitute a violation of unsecured PHI requiring notification to HHS and the affected individual.

It appears the reporting would take place in a state that requires it, although the guidelines say most state laws do not currently require doctors or other healthcare providers to report someone who has self-managed the loss. of a pregnancy to law enforcement.

Here is another example from the guide:

“A law enforcement official presents a reproductive healthcare clinic with a court order requiring the clinic to produce [personal health information] on a person who has obtained an abortion. Since a court order is enforceable in court, the confidentiality rule would allow but not require the clinic to disclose the PSRs requested. The clinic may disclose only [emphasis in original] the RPS expressly authorized by the court order. »

There are privacy protections, but also some wiggle room.

The HIPAA Privacy Rule allows healthcare providers to disclose information to law enforcement if they believe in good faith that there is a serious threat to health and safety. But HHS in today’s guidance says disclosing a woman’s plan to, say, get an out-of-state abortion would not meet professional standards of ethical conduct. According to the advice: “The provider wishes to report the statement to law enforcement in an attempt to prevent the abortion from taking place. However, the confidentiality rule not [emphasis in original] allow this disclosure of PSR to law enforcement.

Comments are closed.