Privacy, Compliance Management

Biden orders health privacy actions as senators seek stronger HIPAA protections after Roe overturned

Share
President Joe Biden speaks with governors on protecting access to reproductive healthcare at the White House on July 1 in Washington. Biden signed an executive order Friday to protect access to reproductive healthcare servces. (Photo by Tasos Katopodis/Getty Images)
President Joe Biden speaks with governors on protecting access to reproductive healthcare at the White House on July 1 in Washington. Biden signed an executive order Friday to protect access to reproductive healthcare servces. (Photo by Tasos Katopodis/Getty Images)

In response to the Supreme Court’s decision to overturn Roe v. Wade, President Joe Biden issued an executive order on Friday to protect access to reproductive healthcare services, including abortion, and urges the Department of Health and Human Services and the Federal Trad Commission to address potential patient privacy threats.

The Biden administration is concerned by the potential “digital surveillance related to reproductive healthcare services.” Among care access and other threats to the physical safety of patients, the order aims to protect those seeking reproductive care.

The leading privacy and data security concerns include threats to those seeking abortion care and patient privacy risks posed by fraudulent schemes and deceptive practices, as well as privacy threats brought on by “the transfer and sale of sensitive health-related data.” 

“It remains the policy of my Administration to support women’s right to choose and to protect and defend reproductive rights,” Biden said in a statement. “Doing so is essential to justice, equality, and our health, safety, and progress as a nation.”

HHS urged to update HIPAA Privacy Rule after abortion ruling

The order comes on the heels of a letter sent by Sens. Michael Bennet, D-Colo., and Catherine Cortez Masto, D-Nev., urging HHS to update the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule to protect the privacy of patients seeking abortion care services.

Although HHS has taken a number of steps to bolster the HIPAA rule, including new guidance detailing ways providers can better support patient privacy in light of the Supreme Court ruling, the senators believe the agency has the authority to do more to enhance privacy protections.

The language in HIPAA explicitly notes the privacy rule can “define and limit the circumstances in which an individual’s protected health information may be used or disclosed by covered entities.”

As a result, the senators are urging HHS to update HIPAA in accordance with Administrative Procedure Act requirements “to clarify who is a covered entity and to limit when that entity can share information on abortion or other reproductive health services.”

“Specifically, HHS should clarify that this information cannot be shared with law enforcement agencies who target individuals who have an abortion,” the senators wrote.

In addition, the agency should make the determination that Pregnancy Care Centers, or Crisis Pregnancy Centers” are required to follow HIPAA requirements, as “the decision to start or expand a family is intensely personal and private,” the senators added. “The individual liberty to make those decisions, and the conversations surrounding them, must be protected.”

In mid-June, HHS announced it would prioritize privacy violations in its enforcement actions, in direct response to the Supreme Court decision.

Biden’s executive order on access to reproductive healthcare services

The executive order would task the attorney general and the secretary of Homeland Security with finding methods to protect patient safety and reproductive care providers, as well as the security of physical and mobile clinics. The order also asks the FTC to consider ways to protect consumer privacy, particularly patients looking for information on reproductive care services.

HHS is required to consider actions, including HIPAA guidance and other statutes, to strengthen current data privacy protections and improve the confidentiality of all patient-provider interactions.

To accomplish the order’s goals, HHS should consult with the attorney general to find appropriate means to educate consumers on protecting their own health privacy, as well as to limit both the collection of and sharing sensitive health-related information and consider option to address fraudulent practices around reproductive care and online risks.

Ongoing congressional proposals are already seeking ways to prevent these privacy risks with one possible legislation banning the sale of health data to data brokers. Congress has already asked Google to stop collecting location data, particularly that of reproductive care sites. The tech giant has already obliged.

Jessica Davis

The voice of healthcare cybersecurity and policy for SC Media, CyberRisk Alliance, driving industry-specific coverage of what matters most to healthcare and continuing to build relationships with industry stakeholders.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.