Closing Privacy ‘Loopholes’ in Reproductive Healthcare Data
A recently proposed federal rule would prohibit healthcare organizations from disclosing to law enforcement patient information related to obtaining or providing an abortion. If enacted, it will address longstanding loopholes in healthcare privacy, said attorney Kathleen McGee, partner at law firm Lowenstein Sandler.
The Department of Health and Human Services’ Office for Civil Rights in April issued a proposed rule calling for walling off certain disclosures of reproductive healthcare information from criminal, civil or administrative investigations (see: HHS Wants HIPAA Changes to Protect Reproductive Health Info).
“A subpoena could get you past the sort of HIPAA blockade in protecting privacy of people seeking medical care,” said McGee, no relation to the author. “Now in the proposed rule, anyone who is seeking a medical records of somebody who’s provided this type of reproductive healthcare is going to have to sign an attestation that they’re seeking it within the parameters prescribed by the HHS OCR,” she told Information Security Media Group.
Under the proposals, individuals signing false attestations to obtain a patient’s sensitive reproductive healthcare information, “could themselves face criminal or civil action, for perpetrating a fraud.”
In the interview (see audio link below photo), McGee also discusses:
- Limitations in the HHS’ proposed rule involving disclosures to law enforcement of patients’ reproductive healthcare information in states where abortions and related services are restricted or prohibited;
- Other challenges for covered entities and business associates implementing the proposed changes if finalized by HHS OCR, especially for organizations that operate in multiple states;
- Considerations for state attorneys general seeking to pursue HIPAA and other data privacy and security enforcement actions.
McGee is a partner in the tech group at law firm Lowenstein Sandler. She has close to two decades of experience as a prosecutor and regulator, including as bureau chief of the New York attorney general’s bureau of internet and technology.