The HIPAA Privacy Rule to Support Reproductive Health Care Privacy, finalized in April 2024, strengthens privacy protections for patient information in reproductive health care. It prohibits the unauthorized use or disclosure of protected health information (PHI) for investigative or liability-imposing purposes related to legal reproductive health care.
The Final Rule modifies the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule to bolster privacy protections for reproductive health care. In simpler terms, this rule prohibits covered entities, such as healthcare providers and insurers, from using or disclosing PHI related to legal reproductive health care for certain investigative or liability-imposing purposes. It establishes a presumption of legality for reproductive health care provided by entities other than the covered entity unless evidence suggests otherwise.
According to HHS Secretary Xavier Becerra, "The Biden-Harris Administration is providing stronger protections to people seeking lawful reproductive health care regardless of whether the care is in their home state or if they must cross state lines to get it. With reproductive health under attack by some lawmakers, these protections are more important than ever." This rule aims to mitigate potential infringements on patient privacy arising from legal or investigative actions related to reproductive health care. It seeks to reinforce patient-provider confidentiality and promote trust in healthcare services by imposing restrictions on the use and disclosure of PHI.
Related: How HIPAA applies to reproductive health information
The HIPAA Privacy Rule extends to telemedicine services, requiring healthcare providers to maintain patient privacy and confidentiality during virtual reproductive health consultations.
The HIPAA Privacy Rule permits disclosures of PHI for investigations related to suspected child abuse or neglect, ensuring the safety and well-being of vulnerable individuals.
Healthcare providers must obtain patient consent or ensure PHI is de-identified before sharing reproductive health information with other healthcare professionals, maintaining compliance with HIPAA privacy regulations.