Guidance for Minnesota Health Care Providers: HHS Issues Guidance on Protecting Access to Sexual and Reproductive Health Care under HIPAA Privacy Rule after Supreme Court Decision Overturning Roe v. Wade.
In Case You Haven’t Heard: On June 24, 2022, the U.S. Supreme Court reversed Roe v. Wade, holding that the constitutional right to abortion no longer exists and that the authority to regulate abortion is left to the states. As of June 30, 2022, six states have banned abortions including Alabama, Arkansas, Missouri, Oklahoma, South Dakota, and Wisconsin. Lawmakers in other states have signaled an interest in restricting or banning abortions in the future.
What Does this Mean?: Not only does this mean that a woman’s access to abortion services and reproductive health services may be banned or restricted, but it also means that women or health care providers could be punished for engaging in such practices. States with abortion bans have primarily focused punishment on the providers and not on those seeking an abortion. Recognizing this, President Biden and the U.S. Department of Health and Human Services called on HHS agencies to take action to protect access to sexual and reproductive health care information, including information related to abortion, pregnancy complications, and other related care.
Updated Guidance from HHS: On June 29, 2022, the HHS Office for Civil Rights (OCR) issued new guidance to help protect patients seeking reproductive health care, as well as their providers. The guidance is two-fold, and seeks to give individuals confidence that their protected health information (PHI) will be kept private and serves as a guide to covered entities being asked to disclose PHI about individuals as required by law, for law enforcement purposes, and to avert a serious threat to health or safety.
The HIPAA Privacy Rule establishes requirements with respect to the use, disclosure, and protection of PHI by covered entities. Covered entities are only allowed to use or disclose PHI without an individual’s consent when it is expressly permitted or required by the Privacy Rule. The guidance on the HIPAA Privacy Rule and Disclosures of Information Relating to Reproductive Health Care addresses the types of permitted disclosures under the Privacy Rule and their limitations, including the Privacy Rules restrictions on disclosures of PHI when required by law, for law enforcement purposes, and to avert a serious threat to health or safety. The circumstances allowing for use or disclosure under these permitted uses are narrowly tailored to protect an individual’s privacy.
HHS also issued guidance on Protecting the Privacy and Security of Your Health Information When Using Your Personal Cell Phone or Tablet. This guidance provides information and best practices for individuals when it comes to protecting the privacy and security of your health information when using a personal phone or tablet. However, it is important to note that in most cases, the HIPAA Privacy, Security, and Breach Notification Rules to not protect the privacy or security of individuals’ health information when they access or store the information on personal cell phones or tablets.
Where Minnesota Stands: The Minnesota Supreme Court has previously recognized the right to abortion under its Constitution, and it is expected that Minnesota abortion providers will see a surge in out-of-state patients. Additionally, on June 26, 2022, Governor Tim Walz signed Executive Order 22-16 protecting women who travel to Minnesota to get an abortion, as well as those assisting or providing abortions. The Order directs Minnesota agencies not to assist other states attempting to seek civil or criminal liability or professional sanctions against anyone searching, providing, or obtaining legal abortion services in Minnesota. According to the Order, “no state agency may provide any information or expend or use time, money, facilities, property, equipment, personnel, or other resources in furtherance of any investigation or proceeding.” Gov. Walz also said he would not extradite people accused of committing abortion-related acts that are legal in Minnesota. Therefore, Minnesota covered entities should be kept abreast of this updated guidance to ensure they are in compliance with their obligations under HIPAA and Executive Order 22-16.