Senators Seek HIPAA Changes to Protect Reproductive Info

Letter Sent to HHS Secretary Urges 'Immediate Action' for HIPAA Rule-Making
Senators Seek HIPAA Changes to Protect Reproductive Info

Democratic U.S. senators are urging the Biden administration to strengthen federal health privacy regulations by restricting medical providers from sharing reproductive health information absent the explicit consent of patients.

See Also: Panel Discussion | Accelerate HITRUST certification for faster time-to-market and improved ROI

A letter signed by 30 senators led by Washington Sen. Patty Murray says the new rule-making should particularly ensure that reproductive health information isn't shared with law enforcement or in civil or criminal proceedings tied to abortion.

The Supreme Court in June opened the door to state capitals outlawing the procedure by overturning Roe v. Wade, the five-decade precedent that guaranteed nationwide access to abortion. Since then, about a dozen states have since implemented full bans on abortion, additional states have imposed partial bans and others are seeking to implement new restrictions on reproductive health.

In addition, the lawmakers tell Department of Health and Human Services Secretary Xavier Becerra that the federal government should bolster efforts to engage and educate caregivers about regulated entities' obligations under the HIPAA Privacy Rule.

The Department of Health and Human Services should ensure cases involving reproductive health information receive timely, appropriate attention for compliance and enforcement activities, the letter adds.

Previous Actions

Just after the Supreme Court ruling, HHS' Office for Civil Rights, which oversees HIPAA enforcement and rule-making, issued healthcare privacy guidance clarifying when clinics can legally withhold patient information about abortion from law enforcement officials (see: HHS Tackles Data Privacy Concerns Linked to Abortion Ruling).

At the time the guidance was issued, Becerra vowed that enforcing patient privacy rights related to reproductive health information would be a top priority.

Privacy attorney Kirk Nahra of the law firm WilmerHale says he presumes that the Biden administration is reviewing the existing HIPAA rules to evaluate what additional protections can be provided.

"Typically that would involve a rule-making process and the delays associated with it. There are potential alternatives such as proceeding with an interim final rule, which could accelerate this timetable," he says.

The kinds of HIPAA rule changes being sought by the lawmakers face substantive challenges, he says.

"You could make changes specific to this category of health data, but HIPAA in general treats all health data the same," he says.

Imposing strict patient disclosure requirements could also backfire in some cases, such as prohibiting disclosure involving information about a patient who assaulted a nurse, Nahra says.

"I hope and expect that they are looking at additional protections, but those may be more challenging substantively than it might seem at first glance," Nahra adds.

Other Considerations

Privacy attorney Adam Greene of the law firm Davis Wright Tremaine says there is "a good chance" that HHS will proceed with rule-making, although it will likely take years. "This is an area of significant concern to the secretary and members of Congress," he says.

"I think that the Biden administration could proceed faster, but it would be a race to finish rule-making by the end of the first term, and it likely would come at a cost to other rule-making efforts due to limited OCR staff."

Besides rule-making, there is not much more that OCR can do, other than outreach to continuously reinforce the message that HIPAA generally does not require disclosure of reproductive health information and limits its disclosure to law enforcement, Greene says.

HHS' Office of the National Coordinator for Health IT also could provide guidance clarifying that it is not considered "information blocking" to withhold access to this information out of concern that it could be used against the patient or provider, he says.

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.