A new Health Insurance Portability and Accountability Act (HIPAA) privacy rule went into effect on June 25, that prohibits the disclosure of protected health information related to lawful reproductive health care in certain situations. Employers, as covered entities under HIPAA, must comply with the rule by Dec. 23.
Under the previous HIPAA privacy regulations, healthcare providers were allowed, but not required, to share patients’ reproductive health information with law enforcement. Such information could include contraception use, pregnancy- related care—including miscarriage and abortion—as well as infertility treatment.
The Biden administration issued the new rule after hearing concerns from providers that patients’ records could be unlawfully sought when they travel out of state to obtain reproductive care, especially after the Supreme Court overturned Roe v. Wade in June 2022. Several states instituted abortion restrictions and bans following the decision, causing some patients to cross state lines for care.
What the New Rule Covers
The new HIPAA reproductive health privacy rule aims to better protect patient confidentiality and prevent medical records from being used against those legally obtaining or providing reproductive care.
However, the rule does not:
- Cover reproductive health information when the services obtained were illegal
- Cover data outside of HIPAA protections, like location information or health details stored on personal devices
- Apply unless the care was lawfully obtained in a state where it is legal.
Required Signed Attestations
Under the new regulations, if a HIPAA-covered entity like an employer receives a request for protected health information potentially involving reproductive care, they must get a signed attestation stating the data will not be utilized for prohibited reasons.
Valid attestations must be provided on a standalone form, not attached to other documents when disclosing information for:
- Health oversight activities
- Judicial and administrative proceedings
- Law enforcement purposes
- Releases to coroners and medical examiners.
The Office for Civil Rights plans to publish a model attestation form to aid compliance ahead of the Dec. 23 deadline.
For more Employee Benefits resources, contact INSURICA today.
Copyright © 2024 Smarts Publishing. This is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel or an insurance professional for appropriate advice.
About the Author
Share This Story
Related Blogs
Preparing for Freezes: Protecting Your School During Cold Weather
Preventing Frozen Pipes in Schools is essential to maintaining a safe and operational learning environment during cold weather. Frozen and burst pipes can cause costly damage, disrupt daily activities, and compromise the safety of students and staff. By taking proactive steps, schools can effectively mitigate these risks and ensure their facilities are prepared for freezing temperatures.
Cyber Case Study: Hack at Steel Mill Causes Physical Damage
In late 2014, the German Federal Office for Information Security (BSI) released a report detailing a disruptive cyber attack at an unnamed steel mill facility. The attack—which was deployed through a combination of social engineering tactics and malware— compromised several of the steel mill’s industrial control components. From there, equipment breakdowns and production outages ensued, resulting in extensive property destruction.
Winter Driving Tips for Truckers
One of the joys of the trucking business is the ability to travel across the country and experience the beauty of different roads from coast to coast. However, this also means you must prepare for various types of driving conditions.