White House adds abortion care to HIPAA protected data • The Register
A revision to the USA’s healthcare and privacy rules aims to protect abortion providers and patients seeking the procedure — or other types of reproductive care such as in vitro fertilization and contraception — as some US states ban procedures and attempt prosecutions of citizens.
A US Department of Health and Human Services (HHS) edict, issued Monday, modifies the 1996 Health Insurance Portability and Accountability Act (better known as HIPAA) to increase protections for sensitive health information about reproductive care.
The change prohibits doctors, insurers, healthcare clearinghouses, and other medical organizations from disclosing protected health information (PHI) to state officials and law enforcement officers investigating patients and providers.
The changes also provide some safeguards for providers in states where abortion is banned, as well as for patients crossing state-lines to terminate a pregnancy or get access to other reproductive healthcare.
Outcomes of the changes mean that doctors in states that have banned abortions can’t be compelled to hand over medical records belonging to patients who traveled out-of-state for a legal abortion. Additionally, it requires these providers and healthcare organizations to agree in writing that these medical files won’t be used for criminal investigations or other law enforcement purposes.
The change “restricts certain uses and disclosures of PHI for particular non-healthcare purposes, i.e., for using or disclosing PHI to conduct a criminal, civil, or administrative investigation into or to impose criminal, civil, or administrative liability on any person for the mere act of seeking, obtaining, providing, or facilitating lawful reproductive healthcare, or to identify any person to initiate such activities.”
Since the US Supreme Court overturned constitutional protections to abortion in the case of Dobbs v. Jackson Women’s Health Organization almost two years ago, 14 US states have enacted total abortion bans, and at least 41 have imposed some type of restrictions.
“This changing legal landscape increases the likelihood that an individual’s PHI may be disclosed in ways that cause harm to the interests that HIPAA seeks to protect, including the trust of individuals in healthcare providers and the healthcare system,” the revised rule states [PDF].
“The threat that PHI will be disclosed and used to conduct such an investigation against, or to impose liability upon, an individual or another person is likely to chill an individual’s willingness to seek lawful healthcare treatment or to provide full information to their healthcare providers when obtaining that treatment, and on the willingness of healthcare providers to provide such care.”
The new rule will take effect in June.
In a press conference on Monday, HHS Director of the Office for Civil Rights Melanie Fontes Rainer emphasized that the protected information extends beyond abortion care.
“If a person receives reproductive healthcare, such as a pregnancy test or treatment for an ectopic pregnancy, and that reproductive healthcare is lawful in the state where the care is received, the information about the care cannot be disclosed or used by the healthcare provider or health plan for an investigation, or to impose liability by law enforcement on the patient or the provider,” she told reporters.
Rainer added: “If the reproductive healthcare like contraception is protected, required or authorized by federal law, including the constitution, that may also not be used or disclosed based on this rule.” ®