OCR finalizes rule prohibiting certain reproductive health care disclosures

Apr 22, 2024 - 02:54 PM
nurse-patient-tablet-payment.jpg

The Department of Health & Human Services’ Office for Civil Rights April 22 released a final rule prohibiting entities regulated by the HIPAA Privacy Rule from using or disclosing protected health information to investigate or prosecute patients, providers or others involved in providing legal reproductive health services. The rule requires covered entities to obtain a signed attestation that certain requests for PHI potentially related to reproductive health care are not for these prohibited purposes. As requested by the AHA, the final rule makes clear that hospitals can rely on the attestation and are not required to investigate the validity of an attestation provided by a person requesting a use or disclosure of PHI.

The rule will take effect 60 days after publication in the Federal Register and require covered entities to comply within 240 days. As requested by the AHA, OCR plans to issue a model attestation form before the compliance date.

Related News Articles

Headline
Cassidy proposes ways to strengthen health data privacy
Senate Health, Education, Labor & Pensions Committee Ranking Member Bill Cassidy, R-La., Feb. 21 released a report proposing ways to modernize the existing…
Headline
NIST updates HIPAA cybersecurity resource guide 
The National Institute of Standards and Technology this week released updated guidance to help HIPAA-covered entities and business associates assess and manage…
Headline
OCR releases telehealth privacy and security resources for providers, patients
The Department of Health and Human Services’ Office for Civil Rights Oct. 18 released a resource for health care providers who choose to educate patients about…
Headline
HHS updates tool to help providers assess HIPAA security risks
The Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology and Office for Civil Rights have updated…
Headline
COVID-19 HIPAA transition period for telehealth expires
Health care providers must comply with the HIPAA rules with respect to telehealth effective Aug. 9 at 11:59 p.m., when the 90-day enforcement discretion period…
Headline
CMS urged not to implement proposed prior authorization attachment standard
The AHA July 27 joined AHIP, the American Medical Association, and Blue Cross Blue Shield Association in urging the Centers for Medicare & Medicaid…