New HIPAA rule tightens scope of health-information sharing

Brigid Maloney


A new final federal rule modifying the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule is now in effect, changing the way reproductive health-care information is handled, according to a health care law expert.

The main part of the new rule went into effect on Dec. 23 and prohibits the use or disclosure of protected health information (PHI) to conduct a criminal, civil, or administrative investigation into or to impose liability on any person for the act of seeking, obtaining, providing, or facilitating reproductive health care where such care is lawful or identifying any person for the purpose of conducting such investigation or imposing such liability. The prohibitions apply where the care is lawful in the state in which the care was provided or is otherwise protected by federal law when it comes to reproductive health care.

“Their definition of reproductive health care is pretty concise,” says Brigid Maloney, a partner and co-team leader of the health-care practice at Lippes Mathias, a Florida–based law firm with New York offices in Albany, Buffalo, Melville, New York City, Rochester, Saratoga Springs, and a Syracuse office that opened last June.

Simply put, reproductive health care is all health-care matters related to the reproductive system. And now information related to that care is specifically protected by HIPAA. Previously, the information fell into a category where the information “may” be disclosed without consent, Maloney notes. Now, entities may not disclose the information without the patient’s consent. Specifically, the information may not be disclosed to someone conducting an investigation, nor can the name of the provider be released — not even to law enforcement, she adds.

The new rule aligns with the main tenet of HIPAA, which, along with digitizing and modernizing health records, was designed to build trust in health care, she says. The premise is that in order for health care to be effective, patients need to trust their providers enough to share confidential health information.

The new rule also comes with a new component when it comes to requesting reproductive health care. “There is a new attestation requirement,” Maloney says. That means if someone requests such information, they need to provide an attestation to the covered entity they are requesting it from, stating they won’t use the information for prohibited purposes including an investigation or identifying a provider. “This even applies to subpoenas,” Maloney adds.

Hospitals, clinics, doctor’s offices, and other covered entities should take some steps to make sure they are complying with the new rule, she says. That includes updating internal policies and procedures and training their workforce on when to obtain attestations. Organizations have until February 2026 to update their notice of privacy practices.

Maloney recommends organizations consult their legal counsel to ensure compliance. They can also visit the U.S. Department of Health and Human Services website (www.hhs.gov/hipaa/for-professionals/special-topics/reproductive-health/index.html) for more information and resources.
Traci DeLore: