New Guidance Addresses Privacy Rules for Health Care Providers

In the wake of the U.S. Supreme Court’s ruling in Dobbs v. Jackson Women’s Health Organization, the Department of Health and Human Services (HHS) issued new guidance regarding HIPAA’s privacy protections for reproductive health care. The guidance focuses on health care providers’ obligation under the HIPAA Privacy Rule to safeguard the privacy of protected health information (PHI) related to reproductive health care, including abortions.

According to HHS, the HIPAA Privacy Rule permits health care providers to disclose PHI without an individual’s authorization in certain situations where the disclosure is required by another law, for law enforcement purposes or to avert a serious threat to health or safety. Health care providers are not required to disclose PHI to third parties, however. The new guidance provides examples of different scenarios that may arise in states where abortion care is restricted or prohibited.

In addition, HHS released guidance for individuals addressing the extent to which private medical information is protected on personal cellphones and tablets. It also provides tips for safeguarding this information when using health information apps, such as menstrual cycle trackers.