New HIPAA Guidance for Same-Sex Couples

HHS Describes How Privacy Rule Applies
New HIPAA Guidance for Same-Sex Couples

Federal regulators have released new guidance to educate healthcare entities and business associates about how the HIPAA Privacy Rule affects married same-sex couples.

See Also: 2024 Healthcare Cybersecurity Benchmarking Study

In a statement, the Department of Health and Human Services Office for Civil Rights says it developed the guidance to assist covered entities and business associates "in understanding how the 2013 decision by the Supreme Court in United States v. Windsor may affect certain of their HIPAA Privacy Rule obligations."

HHS explains in the guidance that in United States vs. Windsor, the Supreme Court held Section 3 of the Defense of Marriage Act to be unconstitutional. Section 3 of DOMA had provided that federal law would recognize only opposite-sex marriages. In light of the Windsor ruling, covered entities, and business associates, as applicable, must consider lawfully married same-sex spouses to have the same rights under the HIPAA Privacy Rule as opposite-sex spouses.

OCR's new guidance clarifies "that spouses include both same-sex and opposite-sex individuals who are legally married, whether or not they live or receive services in a jurisdiction that recognizes their marriage."

Family Rights

The HIPAA Privacy Rule "recognizes that family members, such as spouses, often play an integral role in a patient's health care. For example, the privacy rule allows covered entities to share information about the patient's care with family members in various circumstances," OCR explains

Under the HIPAA Privacy Rule's "uses and disclosures for involvement in the individual's care and notification purposes" provision, covered entities are permitted to share, under certain circumstances, an individual's protected health information with a family member, OCR says. "Legally married same-sex spouses, regardless of where they live, are family members for the purposes of applying this provision," the guidance explains.

"The privacy rule provides protections against the use of genetic information about the individual, which includes certain information about family members of the individual, for underwriting purposes," the guidance also notes.

OCR explains that the HIPAA Privacy Rule's "use and disclosure of genetic information for underwriting purposes" provision prohibits health plans, other than issuers of long-term care policies, from using or disclosing genetic information for underwriting purposes. For example, "such plans may not use information regarding the genetic tests of a family member of the individual, or the manifestation of a disease or disorder in a family member of the individual, in making underwriting decisions about the individual."

This provision also "includes the genetic tests of a same-sex spouse of the individual, or the manifestation of a disease or disorder in the same-sex spouse of the individual."

Providing Clarity

Privacy attorney Adam Greene of the law firm Davis Wright Tremaine says the new guidance provides additional clarity to healthcare entities. "I think that the guidance reinforces the flexibility offered by the privacy rule to communicate to family members, and that this is not a rigid definition," he says. "Frankly, I interpret that the privacy rule permitted disclosure to partners as persons involved in care regardless of whether they were married, but this guidance serves to reinforce that the federal government is now treating same sex spouses as family members for all purposes."

Also, the guidance doesn't create a lot of additional work for healthcare entities, he says. "I don't think that healthcare providers necessarily have to change their policies or notices of privacy practices, but they should ensure that their procedures are consistent with this guidance."


About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.