What Employers Need to Know About the New HIPAA Privacy Rule

A new Health Insurance Portability and Accountability Act (HIPAA) privacy rule that went into effect on June 25 prohibits the disclosure of protected health information related to lawful reproductive health care in certain situations. Employers, as covered entities under HIPAA, must comply with the rule by Dec. 23.

Under the previous HIPAA privacy regulations, healthcare providers were allowed, but not required, to share patients’ reproductive health information with law enforcement. Such information could include contraception use, pregnancy-related care (including miscarriage and abortion), as well as infertility treatment.

The Biden administration issued the new rule after hearing concerns from providers that patients’ records could be unlawfully sought when they travel out of state to obtain reproductive care, especially after the Supreme Court overturned Roe v. Wade in June 2022. Several states instituted abortion restrictions and bans following the decision, causing some patients to cross state lines for care.

What the New Rule Covers

The new HIPAA reproductive health privacy rule aims to better protect patient confidentiality and prevent medical records from being used against those legally obtaining or providing reproductive care.

However, the rule does not:

Cover reproductive health information when the services obtained were illegal
Cover data outside of HIPAA protections, like location information or health details stored on personal devices
Apply unless the care was lawfully obtained in a state where it is legal.

Required Signed Attestations

Under the new regulations, if a HIPAA-covered entity like an employer receives a request for protected health information potentially involving reproductive care, they must get a signed attestation stating the data will not be utilized for prohibited reasons.

Valid attestations must be provided on a standalone form, not attached to other documents, when disclosing information for:

Health oversight activities
Judicial and administrative proceedings
Law enforcement purposes
Releases to coroners and medical examiners.

The Office for Civil Rights plans to publish a model attestation form to aid compliance ahead of the Dec. 23 deadline.

Copyright © 2024 Smarts Publishing. This is not intended to be exhaustive nor should any discussion or opinions be construed as legal advice. Readers should contact legal counsel or an insurance professional for appropriate advice.