Supreme Court Ruling Leads to New OCR Guidance for Patient Privacy and PHI

July 10, 2022

Reproductive Health Care After the Supreme Court Ruling

What now? Itʼs a question health care providers and the public continue to ask following the Supreme Court ruling in late June of Roe vs. Wade. Regardless of what side of the opinion one stands on, it is important to know its impact on patient privacy, and also a providerʼs responsibilities around data protection.

OCR Issues New HIPAA Guidance

What about patient privacy?

To help answer this, the Office for Civil Rights (OCR) in the U.S. Department of Health and Human Services (HHS) issued new guidance, the HIPAA Privacy Rule and Disclosures of Information Relating to Reproductive Health Care, which can be found here. It is intended to help clarify how federal law and regulations protect individuals‘ protected health information relating to sexual and reproductive healthcare.

The HHS agency reminded providers that they aren‘t required to disclose private medical information to third parties. Furthermore, the OCR offered insight on maintaining data security while using health–information apps on cell phones and tablets. The OCR‘s new guidance is meant to inform and protect patients seeking reproductive healthcare, as well as their providers.

Patient Privacy and PHI

What Can be Disclosed?

The guidance states that access to comprehensive reproductive health care services is essential to individual health and well–being, and that HIPAAʼs Privacy Rule supports such access by giving individuals confidence that their protected health information (PHI), including information relating to health care, will be kept private.

The Privacy Rule establishes requirements with respect to the use, disclosure, and protection of PHI by covered entities (health plans, health care clearinghouses, and most health care providers) and, to some extent, by their business associates. These regulated entities can use or disclose PHI, without an individualʼs signed authorization, only as expressly permitted or required by the Privacy Rule.

However, the Privacy Rule permissions for disclosing PHI without an individualʼs authorization for purposes not related to health care, such as disclosures to law enforcement officials, are narrowly tailored to protect the individualʼs privacy and support their access to health services. This guidance addresses these types of permitted disclosures and their limitations.

What Does All This Mean?

Itʼs important to familiarize yourself with how the ruling affects patient privacy and PHI and reading through the OCRʼs new guidance is a good step. But also reach out to the HIPAA experts at PrivaPlan. Weʼre here to answer questions and assist you in staying HIPAA compliant in all areas of patient data.

Phishing Attacks Fool LastPass Users

April 22, 2024

LastPass warns users about a new phase of a phishing campaign that uses email, SMS, and calls to trick targets into divulging their master passwords.

Learn More +

Prepare for Upcoming HIPAA Security Rule Updates

April 16, 2024

This spring the HHS plans to begin HIPAA Security Rule updates to improve cyber resiliency and protect patient safety, based on its December concept paper.

Learn More +

Threat Actors Target Healthcare IT Help Desks

April 9, 2024

The US Health Department recently issued a warning regarding financially-motivated social engineering attacks targeting healthcare IT help desks.

Learn More +

Supreme Court Ruling Leads to New OCR Guidance for Patient Privacy and PHI

Reproductive Health Care After the Supreme Court Ruling