Final Rule HIPAA Privacy Rule to Support Reproductive Health Care Privacy
On April 22, 2024, OCR issued a Final Rule, entitled HIPAA Privacy Rule to Support Reproductive Health Care Privacy. The Final Rule strengthens the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule by prohibiting the disclosure of protected health information related to lawful reproductive health care in certain circumstances. HHS issued this Final Rule after hearing from communities that changes were needed to better protect patient confidentiality and prevent medical records from being used against people for providing or obtaining lawful reproductive health care. This Final Rule bolsters patient-provider confidentiality and helps promote trust and open communication between individuals and their health care providers or health plans, which is essential for high-quality health care.
To read the Fact Sheet (en español)
Director’s message on YouTube (en español)
Social Media Toolkit: HIPAA Privacy Rule to Support Reproductive Health Care Privacy
June 20, 2024, Presentation on Final Rule (Slides)
For HIPAA Covered Entities or Business Associates: Model Attestation for a Requested Use or Disclosure of Protected Health Information Potentially Related to Reproductive Health Care
Guidance on the HIPAA Privacy Rule and Disclosures of Information Relating to Reproductive Health Care
OCR issued guidance explaining how the Privacy Rule permissions for disclosing PHI without an individual’s authorization for purposes not related to health care, such as disclosures to law enforcement officials, are narrowly tailored to protect the individual’s privacy and support their access to health care, including abortion care. This Guidance:
- Reminds HIPAA covered entities and business associates that they can use and disclose PHI, without an individual’s signed authorization, only as expressly permitted or required by the Privacy Rule.
- Explains the Privacy Rule’s restrictions on disclosures of PHI when required by law, for law enforcement purposes, and to avert a serious threat to health or safety.
- Read the Guidance
Protecting the Privacy and Security of Your Health Information When Using Your Personal Cell Phone or Tablet
OCR issued guidance for individuals about protecting the privacy and security of their health information when using their personal cell phone or tablet. This guidance explains that, in most cases, the HIPAA Privacy, Security, and Breach Notification Rules do not protect the privacy or security of individuals’ health information when they access or store the information on personal cell phones or tablets. This guidance also provides tips about steps an individual can take to decrease how their cell phone or tablet collects and shares their health and other personal information without the individual’s knowledge. This Guidance:
- Explains how to turn off the location services on Apple and Android devices.
- Identifies best practices for selecting apps, browsers, and search engines that are recognized as supporting increased privacy and security.
- Read the guidance