The Department of Health & Human Services’ Office for Civil Rights April 22 released a final rule prohibiting entities regulated by the HIPAA Privacy Rule from using or disclosing protected health information to investigate or prosecute patients, providers or others involved in providing legal reproductive health services. The rule requires covered entities to obtain a signed attestation that certain requests for PHI potentially related to reproductive health care are not for these prohibited purposes. As requested by the AHA, the final rule makes clear that hospitals can rely on the attestation and are not required to investigate the validity of an attestation provided by a person requesting a use or disclosure of PHI.

The rule will take effect 60 days after publication in the Federal Register and require covered entities to comply within 240 days. As requested by the AHA, OCR plans to issue a model attestation form before the compliance date.

Related News Articles

Headline
The U.S. Department of Health and Human Services will not appeal its loss in American Hospital Association v. Becerra. The AHA, joined by the Texas Hospital…
News
A United States District Court Judge in Texas today ruled in favor of the AHA, Texas Hospital Association, and hospital plaintiffs, agreeing that Department of…
Headline
Senate Health, Education, Labor & Pensions Committee Ranking Member Bill Cassidy, R-La., Feb. 21 released a report proposing ways to modernize the existing…
Headline
The National Institute of Standards and Technology this week released updated guidance to help HIPAA-covered entities and business associates assess and manage…
Headline
The Department of Health and Human Services’ Office for Civil Rights Oct. 18 released a resource for health care providers who choose to educate patients about…
Headline
The Department of Health and Human Services’ Office of the National Coordinator for Health Information Technology and Office for Civil Rights have updated…