HHS issues privacy protection guidance after SCOTUS Roe decision

The Department of Health and Human Services (HHS) has issued guidance on the state of patient privacy protections after the Supreme Court’s decision to overturn Roe v. Wade.

The decision threw patient privacy protections into question, as the ruling gave states the ability to criminalize receiving and providing abortions. There is now a new sense of uncertainty when it comes to sexual and reproductive healthcare, including abortions, pregnancy complications and other related care.

The guidance addresses how federal law and regulations protect individuals’ private medical information, called protected health information (PHI), relating to abortion and other sexual and reproductive healthcare. HHS made it clear that providers are not required to disclose private medical information to third parties. Additionally, the guidance addresses the extent to which private medical information is protected on personal cell phones and tables. HHS also offered tips to protect privacy when using period trackers and other health information apps.

The guidance comes after reports of concerns about period trackers on cell phones and other health tracking apps in wake of the Supreme Court’s decision. Worries centered around apps disclosing geolocation data which could potentially be misused by those seeking to deny reproductive healthcare. The concerns have led some to urge users to delete these apps off their phones and scrub the data.

“How you access healthcare should not make you a target for discrimination,” HHS Secretary Xavier Becerra said in a statement. “HHS stands with patients and providers in protecting HIPAA privacy rights and reproductive health care information. Anyone who believes their privacy rights have been violated can file a complaint with OCR as we are making this an enforcement priority.”

HHS noted that, under terms of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, disclosing health information for purposes not related to healthcare, such as to law enforcement officials, are only permitted in narrow circumstances “tailored to protect the individual’s privacy and support their access to health care, including abortion care.” HIPAA-covered entities and business associates can only use and disclose PHI without an individual’s signed authorization only as expressly permitted or required by the rule. It also explained the restrictions on disclosures of PHI when required by law, for law enforcement purposes, and to avert a serious threat to health or safety.

In addition to guidance for providers and businesses, HHS also issued tips for individuals, including how to turn off location services on Apple and Android devices and best practices for  selecting apps, browsers, and search engines that are recognized as supporting increased privacy and security.

Find the full guidance here.

Amy Baxter

Amy joined TriMed Media as a Senior Writer for HealthExec after covering home care for three years. When not writing about all things healthcare, she fulfills her lifelong dream of becoming a pirate by sailing in regattas and enjoying rum. Fun fact: she sailed 333 miles across Lake Michigan in the Chicago Yacht Club "Race to Mackinac."

Around the web

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks. 

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.