To help guide entities through the significant confusion and changes that will be evolving for the next several years, BakerHostetler has assembled the Dobbs Decision Task Force (DDTF), led by attorneys in five major areas (healthcare/health tech, privacy, labor and employment, employee benefits, and white collar).
Like many others, healthcare entities are facing immediate uncertainty in the wake of the U.S. Supreme Court’s decision in Dobbs v. Jackson Women’s Health Org. (available at www.supremecourt.gov/opinions/21pdf/19-1392_6j37.pdf), as they are now caught between a variety of state and federal laws and guidance that seem to conflict.
Some agencies within the federal government have made public comments since Friday confirming their intent to advocate for continued access to abortion:
Most recently, on June 29, HHS OCR issued two guidance pieces (“HIPAA Privacy Rule and Disclosures of Information Relating to Reproductive Health Care,” available at https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/phi-reproductive-health/index.html, and “Protecting the Privacy and Security of Your Health Information When Using Your Personal Cell Phone or Tablet,” available at https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/cell-phone-hipaa/index.html). The BakerHostetler DDTF will be publishing analysis of the aforementioned guidance shortly.
State lawmakers and litigation have kept up with – if not outpaced – federal comments, further fueling confusion, including about when “trigger” laws would be effective and what services would be prohibited.
The first client alerts from our DDTF colleagues on the Labor and Employment and Employee Benefits team can be found here and here.
With respect to healthcare, health technology and privacy issues, we anticipate covering analysis of several questions we have already received from clients.
For HIPAA-Covered Entities and Business Associates:
- What are a covered entity’s obligations under HIPAA to produce – or to prevent production of – medical records to law enforcement in another state when the records indicate the patient had an abortion after her home state’s ban or restrictions went into effect?
- Should covered entities put new policies in place with release of information vendors to conduct a review for abortion services before producing records containing post-Dobbs abortion services? Is such a review HIPAA compliant?
- Should covered entities undertake additional confirmatory diligence before responding to medical record releases for third parties, in light of laws that are being drafted in the image of Texas’s SB8 law (allowing private individuals to sue women who have had abortions), and will such efforts be seen as a “hurdle” to a patient’s right to access their records under the OCR’s current initiative?
- How do state bans impact decisions physicians make pursuant to the Emergency Medical Treatment and Labor Act (EMTALA) (requiring stabilization of emergency department patients)?
- For clinical research sites and research institutions, will state restrictions impact existing research studies and/or impact who is able to participate in such studies?
- For health tech/population health data companies with medical records in their databases and customers from both ban and non-ban states, are there restrictions they can or should implement to limit the ability to query the data for abortion-related services?
- How does the decision impact telehealth providers who – inadvertently or purposefully/permissibly or impermissibly – prescribe medication to end pregnancies?
- What, if any, responsibility falls to pharmacists who dispense prescribed abortion pills in states with restrictive abortion laws?
- Does the decision impact a health facility’s or provider’s ability to transfer a patient from a facility in a state with restrictive abortion laws to one without, or to refer a patient to a provider in a nonrestrictive state?
- What, if any, impact does the decision have on assisted reproductive technologies and cryo-preserved embryos?
For Non-HIPAA Covered Entities:
- Employers offering travel benefits will be in possession of significant abortion-related health information belonging to their employees. What additional safeguards are needed for that information, and what additional privacy laws may apply to these employers?
- Are employers that are headquartered outside of states that ban or significantly limit access to abortion services but that have employees in those states required to produce abortion-related employee documents in response to law enforcement requests from outside of their home state if there are concerns around employee privacy?
- Are there state-specific laws, such as the California Consumer Privacy Act, that impact a non-HIPAA-covered entity’s ability or obligation to ensure privacy around pregnancy and abortion-related health information?
This list is not intended to be exhaustive. The healthcare and privacy DDTF teams will be releasing analysis on these issues and more in the weeks, months and likely years to come.
BakerHostetler is supporting clients through these considerations. If you would like to speak with a member of the BakerHostetler Healthcare Privacy team, please reach out to Aleksandra Vold, Kimberly Gordy, or Bethany Lukitsh or your BakerHostetler contact.
If you would like to speak with a member of the BakerHostetler Healthcare Technology and Compliance team, please reach out to Charlene McGinty, Amy Fouts, Claire Bass or your BakerHostetler contact.
Authorship credit: Aleksandra Vold and Amy Fouts