OCR has issued guidance on the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule (Privacy Rule) and the privacy of individuals’ protected health Information (PHI) relating to abortion and other sexual and reproductive health care.
Guidance on the HIPAA Privacy Rule and Disclosures of Information Relating to Reproductive Health Care
OCR issued guidance explaining how the Privacy Rule permissions for disclosing PHI without an individual’s authorization for purposes not related to health care, such as disclosures to law enforcement officials, are narrowly tailored to protect the individual’s privacy and support their access to health care, including abortion care. This Guidance:
- Reminds HIPAA covered entities and business associates that they can use and disclose PHI, without an individual’s signed authorization, only as expressly permitted or required by the Privacy Rule.
- Explains the Privacy Rule’s restrictions on disclosures of PHI when required by law, for law enforcement purposes, and to avert a serious threat to health or safety.
- Read the Guidance
Protecting the Privacy and Security of Your Health Information When Using Your Personal Cell Phone or Tablet
OCR issued guidance for individuals about protecting the privacy and security of their health information when using their personal cell phone or tablet. This guidance explains that, in most cases, the HIPAA Privacy, Security, and Breach Notification Rules do not protect the privacy or security of individuals’ health information when they access or store the information on personal cell phones or tablets. This guidance also provides tips about steps an individual can take to decrease how their cell phone or tablet collects and shares their health and other personal information without the individual’s knowledge. This Guidance:
- Explains how to turn off the location services on Apple and Android devices.
- Identifies best practices for selecting apps, browsers, and search engines that are recognized as supporting increased privacy and security.
- Read the guidance