In the two years since the Dobbs v. Jackson Women’s Health decision from the Supreme Court, state legislatures and courts have attempted to define the new post-Roe landscape in health care. That effort includes actions by states to enact health data privacy laws or to amend existing privacy laws to protect consumer health data
Privacy
Implementation Underway for Washington’s New Wide-Reaching Consumer Health Data Law
On April 27, 2023, Washington Governor Jay Inslee signed into law House Bill 1155, otherwise known as the My Health My Data Act. Certain “geofencing” portions of the law became effective July 23, 2023. Other provisions will become effective for “small businesses” on June 30, 2024, and for all other regulated entities on March 31, 2024. Below is a brief summary of the law’s following core components: (1) covered individuals and entities, (2) covered data, and (3) data collection and sharing requirements.Continue Reading Implementation Underway for Washington’s New Wide-Reaching Consumer Health Data Law
HIPAA Privacy Rule commenters express concerns about privacy, health outcomes, LQBTQIA+ rights, and historical health care disparities
The comment period for the U.S. Department of Health and Human Services Office for Civil Rights (OCR proposed changes to Privacy Rule ended on June 16, 2023, and the first portion of comments have been released to the public. As of June 19, 2023, 25,905 comments were submitted to the U.S. Department of Health and Human Services Office for Civil Rights (OCR), with 65 of those comments being made publicly available for review.
The publicly available comments can be viewed on Regulations.gov under the “Browse Posted Comments” tab. The relevant changes at issue were announced on Monday, April 12, 2023 by the OCR issuing a notice of proposed rulemaking (NPRM) to modify the HIPPA Privacy Rule to address the release of reproductive health care information to third parties for the purposes of civil, administrative, or criminal proceedings for care that is lawfully obtained.Continue Reading HIPAA Privacy Rule commenters express concerns about privacy, health outcomes, LQBTQIA+ rights, and historical health care disparities
Proposed changes to HIPAA highlight increased demands for third party access to reproductive health data
On Monday, April 12, 2023, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) issued a notice of proposed rulemaking (NPRM) to modify the HIPAA Privacy Rule to address the release of reproductive health care information to third parties for the purposes of civil, administrative, or criminal proceedings for care that is lawfully obtained.
OCR has also released a fact sheet on this NPRM. The NPRM included: (1) the addition of new protections with respect to certain information related to reproductive health care; (2) a new obligation for regulated entities to obtain “attestations” (which are different from HIPAA’s traditional authorization) before responding to requests for certain PHI related to reproductive health care; and (3) the modification of the definition of “person,” and the addition of several new definitions.Continue Reading Proposed changes to HIPAA highlight increased demands for third party access to reproductive health data
HHS proposes update to Part 2 confidentiality regulations to align with HIPAA
The Department of Health and Human Services recently issued a proposed rule that would streamline the federal regulations governing the confidentiality of substance use disorder (SUD) patient records at 42 CFR Part 2 (Part 2) with the Health Insurance Portability and Accountability Act and its implementing regulations (HIPAA). Comments on the proposed rule are due to HHS by January 31, 2023
For years, health care providers regulated by both Part 2 and HIPAA and their patients, have wrestled with the inconsistencies across these two privacy frameworks. Part 2, for example, currently imposes different patient consent requirements and disclosure restrictions on Part 2-protected SUD treatment records (Part 2 Records) than HIPAA, even though such records often constitute protected health information (PHI) as well. The inconsistencies (and in some cases, conflicts) between HIPAA and Part 2 requirements have created barriers to information sharing and confusion and compliance challenges for entities regulated under both frameworks, which in turn have unnecessarily impeded treatment access and care coordination.
As noted in the HHS fact sheet and the press release issued by the Substance Abuse and Mental Health Services Administration (SAMHSA), the proposed rule would, if finalized, enhance care coordination, afford patients a formal right of access to their SUD records, and extend HIPAA’s breach notification standards to Part 2-regulated providers and information. The proposed rule would also allow health care providers to align internal privacy compliance programs, the importance of which is underscored by another proposal to impose the same HIPAA civil and criminal penalties on regulated providers for noncompliance with Part 2 regulations. Continue Reading HHS proposes update to Part 2 confidentiality regulations to align with HIPAA
New Guidance by OCR addresses HIPAA and Disclosures of Information relating to Reproductive Health
On June 29, 2022, the U.S. Department of Health & Human Services’ Office for Civil Rights (“OCR”) issued two pieces of guidance clarifying the applicability of the Health Insurance Portability and Accountability Act (“HIPAA”) related to privacy of information connected to an individual’s reproductive health.
Through this guidance, HIPAA addresses both protected health information (“PHI”), which is subject to HIPAA’s rules, as well as general, personal information that is not directly protected by HIPAA.Continue Reading New Guidance by OCR addresses HIPAA and Disclosures of Information relating to Reproductive Health
Unanswered Questions on Privacy and Employment from Supreme Court Overturn of Roe v. Wade
As the health care industry as a whole comes to grips with the fallout from the U.S. Supreme Court’s decision to overturn Roe v. Wade in Dobbs v. Jackson Women’s Health, here at Reed Smith we have formed a Reproductive Health Working Group to bring expertise from the across our many specialty areas to help our clients to prepare for the post-Dobbs reality.
To that end, we have generated a series of “unanswered questions” client updates to reflect the issues that a Roe reversal may have for the health care industry. Earlier posts on this blog have shared the parts of that series that focused on pharmacies, health care providers, and fertility practices, and employee benefit plans.
The Working Group has put together two new updates to branch into the employment and privacy areas.Continue Reading Unanswered Questions on Privacy and Employment from Supreme Court Overturn of Roe v. Wade
California AG urges mobile app companies to safeguard reproductive health data
As the U.S. Supreme Court inches closer to the end of its term and a decision in a Mississippi abortion law case that is expected to either limit or eliminate the precedent of Roe v. Wade, the California Attorney General has urged mobile health app companies to safeguard the reproductive health data of people who…
Consensus among HHS agencies on addressing social determinants of health through better data capture, interoperability
Over the last decade, members of the medical and public health communities around the world have widely studied and acknowledged the impact of social determinants of health (SDOH)—the conditions in the environments where people live, learn, work, play, and age—on a wide range of health, functioning, and quality-of-life-risks and outcomes.[1] In the past year…
Congress considers the future of telehealth in the wake of COVID-19
It is no secret that the coronavirus pandemic has driven our daily lives digital—work, education, social gatherings, and, of course, health care. Congress and CMS responded to the public health emergency by waiving limitations on reimbursement for telehealth services rendered to Medicare patients. These waivers introduced new flexibility and vastly expanded Medicare patients’ access to…
HHS proposes important changes to key aspects of HIPAA Privacy Rule
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), the agency that enforces the Health Insurance Portability and Accountability Act of 1996 (HIPAA), is the latest federal agency to jump on the HHS rulemaking bandwagon issuing a Notice of Proposed Rulemaking (NPRM) on December 10, 2020, that proposes pivotal changes…
SAMHSA Proposes Clarifications to Rules Governing the Confidentiality of Substance Use Disorder Patient Records
The Department of Health & Human Services (HHS) Substance Abuse and Mental Health Services Administration (SAMHSA) has proposed revisions to federal rules governing the confidentiality of patient records created by federally-assisted substance use disorder (SUD) treatment programs. The proposed rule is intended to support coordinated care among providers that treat patients with SUDs, while maintaining…
SAMHSA Finalizes Changes to Rules for Disclosure of Substance Abuse Records to Support Health Care Operations
The Substance Abuse and Mental Health Services Administration (SAMHSA) has issued a final rule addressing the disclosure of substance use disorder patient records that is intended to facilitate health care activities while protecting patient privacy. The final rule identifies the circumstances under which lawful holders of patient identifying-information may disclose such information to their contractors, …
SAMHSA Releases Final and Supplemental Proposed Rules on Substance Abuse Records Privacy Protections
A new Substance Abuse and Mental Health Services Administration (SAMHSA) final rule is intended to modernize federal regulations governing the confidentiality of substance abuse records. SAMHSA explains in the preamble that it the agency “wants to ensure that patients with substance use disorders have the ability to participate in, and benefit from health system delivery…
SAMHSA Proposes Revisions to Substance Abuse Records Privacy Protections to Support Delivery Reform
The Substance Abuse and Mental Health Services Administration (SAMHSA) published a proposed rule on February 9, 2016 that is intended to modernize regulations governing the confidentiality of substance abuse records to ensure that patients with substance use disorders have the ability to participate in new integrated health care models that emphasize coordinated care while addressing…
White House Releases Proposed Precision Medicine Initiative Privacy Framework
Earlier this year, President Obama launched a high-profile “Precision Medicine Initiative” (PMI) to develop treatments, diagnostics, and prevention strategies tailored to the individual genetic characteristics of each patient. On July 8, 2015 the White House released for public comment a draft document entitled “Precision Medicine Initiative: Proposed Privacy and Trust Principles,” which provides broad guidance…
Congressional Health Policy Hearings
The following Congressional panels have held hearings recently on various health policy issues:
- The House Science, Space, and Technology Committee held a hearing entitled, “Can Americans Trust the Privacy and Security of their Information on HealthCare.gov?”;
- The Senate Health, Education, Labor and Pensions (HELP) Committee held a hearing on the reemergence of vaccine-preventable diseases; and
…
GAO Calls for Improvements to Healthcare.gov Information Security and Privacy Controls
The Government Accountability Office (GAO) has assessed the effectiveness of CMS controls intended to protect the security and privacy of the information and information technology (IT) systems used to support Healthcare.gov. The GAO determined that while CMS has taken steps to protect Healthcare.gov security and privacy, “weaknesses remain both in the processes used for managing…
HHS OCR Releases HIPAA Privacy Rule Guidance Documents
As reported on our sister blog, http://www.lifescienceslegalupdate.com/, the HHS Office for Civil Rights (OCR) has made a number of recent announcements regarding HIPAA Privacy Rule implementation. First, OCR has issued guidance on how the changes to the HIPAA Privacy Rule’s marketing provisions under the Health Information Technology for Economic and Clinical Health (HITECH) Act…
Congressional Health Policy Hearings
Recent Congressional hearings on health policy issues include the following:
- A House Energy and Commerce Health Subcommittee a hearing entitled “PPACA Pulse Check: Part 2,” focusing on ACA readiness and implementation issues (Part 1 of the hearing was on August 1, 2013).
- A House Homeland Security Cybersecurity Subcommittee hearing on “The Threat to Americans’ Personal
…