In recent years there has been much upheaval regarding reproductive health and the legal protections that surround it. In 2022, the Supreme Court decision in Dobbs v. Jackson Women’s Health Organization overturned Roe v. Wade and Planned Parenthood v. Casey, which had previously upheld a woman’s right to receive an abortion. In response to the decision, some states began to implement tighter restrictions on abortions, or in some cases, ban abortions completely.
The decreased access to abortion drove many women to seek care in other states. And as they did so, fears began to grow that their reproductive healthcare information could be used to prosecute them, their loved ones, or even their physicians if the patient was a resident of a state where abortion is illegal.
In response to these concerns, the HHS Office for Civil Rights (OCR) issued the “HIPAA Privacy Rule to Support Reproductive Health Care Privacy Final Rule.” According to the Department of Health and Human Services: “The Final Rule strengthens privacy protections by prohibiting the use or disclosure of protected health information (PHI) by a covered health care provider, health plan, or health care clearinghouse—or their business associate—for either of the following activities:
- To conduct a criminal, civil, or administrative investigation into or impose criminal, civil, or administrative liability on any person for the mere act of seeking, obtaining, providing, or facilitating reproductive health care, where such health care is lawful under the circumstances in which it is provided.
- The identification of any person for the purpose of conducting such investigation or imposing such liability.”
In short, the Final Rule ensures “that protected health information cannot be used or disclosed to investigate or impose liability on someone for the mere act of seeking, obtaining, providing, or facilitation legal reproductive health care.”
As a healthcare business associate, Ontellus must adhere to the HIPPA attestation requirements that have been put in place to protect those seeking reproductive healthcare, when facilitating the exchange of records and protected health information. The attestation is required to accompany all requested records that could potentially be related to reproductive healthcare. The attestation is a written representation from the person or persons requesting patient information that states they will not use the information for the prohibited purposes listed above and to provide requestors notice of the potential criminal penalties for those knowingly violating HIPAA and this Final Rule. At Ontellus, an attestation will be prepared for every order related to medical records and will be submitted to custodians along with subpoenas and authorizations.
Topics: Ontellus Insight
