New Reproductive Health Care Privacy Rule Released Under HIPAA

The Final Rule ensures the privacy protection of the health records of women, their members of the family, and physicians who are seeking, getting, offering, or assisting legal reproductive health care.

The Biden-Harris Administration and the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) released a Final Rule called HIPAA Privacy Rule to Support Reproductive Health Care Privacy. The Final Rule supports the Health Insurance Portability Act of 1996 (HIPAA) Privacy Rule by forbidding the exposure of protected health information (PHI) associated with legal reproductive health care in specific instances. After listening to communities about the necessary changes to safeguard patient privacy and stop the use of medical records against individuals who provide or get legal reproductive health care, HHS is presenting this Final Rule. This Final Rule will strengthen patient-provider privacy and help encourage trust and open verbal exchanges between people and their medical service providers or health plans, which is important for excellent medical care.

According to HHS Secretary Xavier Becerra, a lot of Americans are afraid their private healthcare data will be shared, abused, and exposed with no permission. This frightens women who are consulting a physician, getting a prescription from a pharmacy, or undergoing a medical activity for their health and fitness. The Biden-Harris Administration is giving stronger protections to individuals seeking legal reproductive health care whether the care is within their home state or another state. Considering the attack on reproductive health by a few legislators, these protections tend to be given more importance.

According to OCR Director Melanie Fontes Rainer, companies have expressed their concerns that when patients visit their clinics for legal care, their patients’ data will be required, including when they leave. Patients and healthcare providers feel worried, and it hinders their ability to get and give correct data and access secure and lawful healthcare. The Final Rule forbids using PHI for seeking or giving legal reproductive healthcare and helps to enhance patient-provider trust will result in better health and secure patient privacy.

OCR manages and imposes the Privacy Rule, which calls for covered entities, healthcare providers, healthcare clearinghouses, health plans, and business associates to protect the privacy of PHI and sets limitations and conditions on its uses and disclosures. The HIPAA Privacy Rule offers people specific rights over their PHI. In April 2023, OCR published proposed changes to the HIPAA Privacy Rule to handle modifications in the legal landscape impacting reproductive healthcare privacy that make it more probable to use and disclose PHI in ways that HIPAA intends. OCR received nearly 30,000 public responses to the proposed rule. After considering these comments, the Department is giving a Final Rule that:

  • Forbids the use or disclosure of PHI if it is for investigating or imposing liability on people, healthcare providers, or other people who seek, get, offer, or facilitate reproductive healthcare that is legal under the conditions whereby such healthcare is given, or to identify individuals for such activities.
  • Requires a healthcare provider, clearinghouse, health plan, or business associates, to get a signed attestation that the requests for PHI possibly linked to reproductive healthcare are not for restricted purposes.
  • Requires healthcare providers, clearinghouses, and health plans to change their Notice of Privacy Practices to help reproductive healthcare privacy.

The present HIPAA Privacy Rule is still effective until the effectivity of the new rule. If you feel that your (or anyone’s) health data privacy rights or other Privacy, Security, or Breach Notification regulations were violated, you could file a complaint with the HHS Office for Civil Rights.

Photo Credit: Ahtesham / stock.adobe

Twitter Facebook LinkedIn Reddit Copy link Link copied to clipboard
Photo of author

Posted by

John Blacksmith

John Blacksmith is a journalist with several years experience in both print and online publications. John has specialised in Information technology in the healthcare sector and in particular in healthcare data security and privacy. His focus on healthcare data means he has specialist knowledge of the HIPAA regulations. John has a degree in journalism.