Compliance Bulletin – Health Plans Must Update HIPAA Policies for New Reproductive Health Care Rights
Beginning Dec. 23, 2024, covered entities and their business associates must comply with stricter
HIPAA privacy protections for reproductive health care. These new protections prohibit regulated entities from using or disclosing protected health information (PHI) related to lawful reproductive health care:
- For a criminal, civil or administrative investigation into (or proceeding against) a person in connection with reproductive health care; or
- To identify an individual, health care provider or other person for purposes related to such an investigation or proceeding.
In addition, regulated entities must obtain a valid attestation when a request is made to use or disclose PHI potentially related to reproductive health care for certain purposes to ensure that the use or disclosure is permissible.