By Elizabeth Litten and Odia Kagan
The U.S. Department of Health and Human Services (HHS) issued guidance on June 29 discussing privacy protections under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) in the wake of the Dobbs decision. Health care providers will need to evaluate whether they are permitted to disclose an abortion patient’s Protected Health Information (PHI) under HIPAA. HIPAA permits disclosure of PHI if the provider reasonably believes an individual is a victim of abuse or neglect if the disclosure is required by law (and complies with and is limited to the relevant requirements of the law), but also when the disclosure is expressly authorized by statute or regulation and:
- The provider, in the exercise of professional judgment, believes disclosure is necessary to prevent serious harm to the individual or other potential victims
- Or the individual is unable to agree to the disclosure because of incapacity and a law enforcement official or other public official authorized to receive the report represents that the PHI is not intended to be used against the individual, and an immediate enforcement activity that depends upon the disclosure would be materially and adversely affected by waiting until the individual is able to agree to the disclosure.
More details on this and other legal issues raised by the Dobbs decision in this client alert.