OCR Publishes Guidance for Organizations and Patients After the Release of Supreme Court Decision on Roe v. Wade

President Biden and Secretary Xavier Becerra of the U.S. Department of Health and Human Services (HHS) lately called the attention of HHS agencies to do something to safeguard access to sexual and reproductive healthcare, such as abortion, pregnancy problems, and other associated care. This is in connection with the Supreme Court decision in the case of Dobbs vs. Jackson Women’s Health Organization. The Supreme Court reversed Roe v. Wade and Planned Parenthood v. Casey and overturned women’s right to get a safe and legalized abortion.

The HHS Office for Civil Rights (OCR) released new guidance for healthcare companies and patients seeking reproductive health care services to make sure their patient privacy is secured. The guidance clarifies the requirement of the federal Health Insurance Portability and Accountability Act (HIPAA) to keep private and confidential individuals’ private medical data, including details regarding abortion along with other sexual and reproductive health care. The HIPAA classifies that data as protected health information (PHI) and healthcare organizations do not need to disclose PHI to third parties.

The guidance furthermore points out that private medical data stored on personal cell phones and tablets aren’t covered by HIPAA and therefore individuals’ privacy isn’t protected whenever utilizing period trackers and other health data applications. Such information can possibly be abused by people trying to deny them medical care access.

HHS Secretary Xavier Becerra explained that access to health care shouldn’t allow you to be targeted for discrimination. HHS is for the protection of patients and providers with regards to HIPAA privacy rights and reproductive health care data. Becerra is urging those who think their privacy rights were violated to submit a complaint with OCR. Safeguarding access to health care, including abortion care and other types of sexual and reproductive health care, is a priority for OCR’s enforcement.

The guidance for healthcare providers talks about the HIPAA Privacy Rule allowing HIPAA-covered entities, such as healthcare providers and business associates, to make known the PHI of an individual without getting consent from that person for reasons expressly permitted or required, like healthcare, medical operations, and payment, however, other disclosures, for example, to law enforcement officials, are authorized only in limited situations, focused on securing the person’s privacy and supporting their health care access, including abortion care. The guidance additionally points out the limitations on PHI disclosures under the HIPAA Privacy Rule when requested by law, for law enforcement reasons, and to avoid a threat to health or security.

Different guidance was published for people concerning securing the privacy and security of their health data when utilizing their own cell phones or tablets. It is essential for people to know that the majority of health applications, such as period trackers, aren’t covered by the HIPAA Privacy or Security Rules. Therefore, any personal healthcare information inputted, gathered, or sent by those applications or is saved on smartphones or tablets, isn’t secured and there are no limitations on sharing of that data.

The guidance points out tips to consider whenever utilizing these health applications that will reduce the personal data obtained by the applications and restrict the chance of disclosures of personal data – such as geolocation information – without the person’s awareness. The guidance details how to switch off the location feature on Android and Apple devices, and provides suggestions about choosing apps, web browsers, and search engines that value privacy and security.

Read the information on individuals’ rights to reproductive healthcare on this page.