Reproductive care final rule: What it means and what organizations need to do

In April 2024, a federal ruling related to HIPAA privacy around reproductive rights introduced enhanced privacy protections for patients and providers.

Beyond awareness about compliance, integrating upgraded security protocols to safeguard sensitive reproductive health information could help reinforce patient security — and trust.

Background

The Biden-Harris Administration, through the Office of Civil Rights issued the HIPAA privacy rule to support reproductive healthcare privacy to support and enhance reproductive healthcare privacy by prohibiting the disclosure of protected health information (PHI) related to lawful reproductive healthcare in certain circumstances.

Amendments to the privacy rule will become effective on June 25, 2024, and regulated entities must be in compliance with most of them by Dec. 22, 2024.

Who’s impacted

• Regulated healthcare providers
• Health plans
• Healthcare clearinghouses
• Business associates of the above
• Patients

What’s changed: Law enforcement exception

The original rule set out to define protected PHI for individuals, who’s covered, what information is protected, and how this protected information can be used and disclosed. Organizations are prohibited from sharing health information without a patient’s written consent, except in certain situations as with certain public needs, including law enforcement. In such cases, organizations may share patient information with the police if, say, they’re responding to a legal order like a subpoena or warrant.

Following the U.S. Supreme Court’s Dobb’s decision in 2022, overturning Roe v. Wade (which concluded that the constitution doesn’t protect the right to abortion), 21 states have banned abortion and restricted other reproductive rights.