In the wake of the Supreme Court ruling that ends the Constitutional right to abortion, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights has issued new guidance to help protect patients seeking reproductive health care, as well as their providers.
The guidance addresses an individual’s protected health information related to abortion and other sexual and reproductive health care, noting that providers aren’t required to disclose private medical information to third parties. It also addresses the extent to which this private medical information is protected on personal cell phones and tablets and offers tips to protect an individual’s privacy when using period trackers and other health information apps.
This guidance also explains the circumstances under which the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule permits disclosure of PHI without an individual’s authorization. It explains that disclosures for purposes not related to health care, such as disclosures to law enforcement officials, are permitted only in narrow circumstances tailored to protect the individual’s privacy and support their access to health care, including abortion care.
In most cases, however, the HIPAA Privacy, Security, and Breach Notification Rules do not protect the privacy or security of individuals’ health information when they access or store the information on personal cell phones or tablets. The guidance provides steps people can take to decrease how their cell phone or tablet collects and shares their health and other personal information without the individual’s knowledge. It explains how to turn off the location services on Apple and Android devices, and identifies best practices for selecting apps, browsers, and search engines that are recognized as supporting increased privacy and security.
For more information, here is the guidance on HIPAA privacy rule and here is the guidance on protecting PHI when using your personal cell phone or tablet. To file a complaint about a HIPAA-covered entity or business associated violating someone’s privacy rights or violating the privacy and security rules, click here.
.