HHS New Privacy Guidance
The Supreme Court overturned Roe v. Wade on Friday, June 24, ruling that there is no longer a federal constitutional right to an abortion. Going forward, abortion rights will be determined by states, unless Congress acts. Already, nearly half of the states have or will pass laws that ban abortion, while others have enacted strict measures regulating the procedure.
In response, the US Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has released new guidance aimed at patient privacy. The guidance address how federal law and regulations protect individuals’ private medical information. It clarifies that providers are not required to disclose private medical information to third parties as well as addresses what consumer information is protected—and what isn’t—when using period trackers and other health information apps on smartphones.
The HIPAA Privacy Rule allows disclosure of protected health information when expressly required by another law, when the request is made, “through such legal processes as a court order or court-ordered warrant,” and if the disclosure is necessary to prevent a threat to health or safety, the guidance said. The new guidance on privacy provided examples of situations in which providers may question their responsibility regarding protected health information, including if a provider suspects a patient has induced an abortion, if patient information is requested by law enforcement, and if a patient tells a provider they plan to seek an abortion elsewhere.
In a press release by HSS; many patients are concerned that period trackers and other health information apps on smartphones may threaten their right to privacy by disclosing geolocation data which may be misused by those seeking to deny care. “How you access health care should not make you a target for discrimination. HHS stands with patients and providers in protecting HIPAA privacy rights and reproductive health care information,” said HHS Secretary Xavier Becerra in a statement. “Anyone who believes their privacy rights have been violated can file a complaint with OCR as we are making this an enforcement priority. Today’s action is part of my commitment to President Biden to protect access to health care, including abortion care and other forms of sexual and reproductive health care.”
OCR issued information for patients about protecting the privacy and security of their health information when using their personal cell phone or tablet. In most cases, the HIPAA Privacy, Security, and Breach Notification Rules do not protect the privacy or security of individuals’ health information when they access or store the information on personal cell phones or tablets, according to HHS.
The guidance explains how to turn off the location services on Apple and Android devices, and identifies best practices for selecting apps, browsers, and search engines that support increased privacy and security.
Outside of HSS, other companies like Google have also taken steps to protect privacy. Google said it will delete the location history after a person has visited medical facilities such as abortion clinics, counseling centers, domestic violence shelters, fertility centers, addiction treatment facilities, weight loss clinics, cosmetic surgery clinics, and others.
Sources:
https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/cell-phone-hipaa/index.html
https://www.thestreet.com/technology/roe-v-wade-google-makes-a-major-decision-to-protect-privacy