HIPAA proposed rule and abortion: What is the compliance professional to do?

6 minute read

In the wake of the recent U.S. Supreme Court decision to overturn Roe v. Wade—which held the Constitution does not protect abortion—hospitals are faced with critical departures from settled guidelines and practices when attempting to navigate their organization through the quagmire of competing rules and standards.[1]

Recently, the U.S. Department of Health and Human Services (HHS) issued a Notice of Proposed Rulemaking (NPRM) in an attempt to strengthen the HIPAA Privacy Rule protections by prohibiting the use or disclosure of protected health information (PHI) to investigate or prosecute patients, providers, and others involved in the provision of legal reproductive care, including abortion care.[2] The proposed rule would make any disclosure of PHI prohibited without the express permission of the patient. The new proposed rule attempts to prevent law enforcement from gathering any evidence of an abortion to hold a provider or patient criminally liable. Currently, HIPAA does permit a covered entity from disclosing PHI to law enforcement if there is a crime committed on the covered entity’s property.[3] In the case of an abortion, if a state prohibits it, the covered entity would have little persuasive standing to prevent the disclosure to law enforcement since a “crime” would be committed on the grounds of the covered entity.

This document is only available to members. Please log in or become a member.

Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field