With the ruling on Dobbs vs. Jackson Women’s Health Organization, it can be argued it is more important than ever to understand patient’s rights to the privacy of their health information. HHS Secretary Xavier Becerra has said, “HHS stands with patients and providers in protecting HIPAA privacy rights and reproductive health care information.” This means that HIPAA covered entities and business associates (providers, hospitals, etc.) “can use or disclose PHI, without an individual’s signed authorization, only as expressly permitted or required by the Privacy Rule.” (https://www.hhs.gov/about/news/2022/06/29/hhs-issues-guidance-to-protect-patient-privacy-in-wake-of-supreme-court-decision-on-roe.html)
Under the Privacy Rule, acceptable disclosures are only to covered entities or business associates that are involved with either the treatment or billing of the patient. These disclosures may only contain the minimum amount of information necessary for the treatment or billing of the patient.
The Privacy Rule permits but does not require health providers to provide patient health information to law enforcement. Saying this, permission is granted only when a legal mandate, such as a subpoena or a court order, requires the provider to share patient health information. Furthermore, the provider is only permitted to share the PHI expressly stated in the order. (https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/phi-reproductive-health/index.html)
While the ruling should have no affect on how your office operates, it is more important than ever that your office be trained in HIPAA. HHS is actively collecting complaints from individuals that believed their (or someone else’s) health information privacy has been violated. Individuals are researching to better understand their rights under the privacy and security rules.
Your office needs to be able to recognize who you can share patient information with and what methods of communication are acceptable. This involves HIPAA training, documentation of patient authorizations to share their information and well-trained HIPAA Security Officers to turn to with any questions or doubts.
TLD Systems provides these tools in our HIPAA compliance program to allow your office to maintain HIPAA compliance. Questions on how we can help you? Email info@tldsystems.com or call (631) 403 6687, menu option 1.
Read Comments