Maybe you’re in your twelfth week of pregnancy. Maybe you just had a miscarriage a couple of years ago. Maybe you’re not pregnant because you use contraception, such as birth control pills or an IUD. Maybe you had an abortion four years ago.
All of this, and more, is information about your reproductive health that is (or should be) part of your medical record. It is the information that health professionals need to know about you, but that doesn’t mean you want anyone else to know it.
You want your privacy and for your medical information to be protected. There is a federal law that helps do that. It is the Health Insurance Portability and Accountability Act or HIPAA. HIPAA has other functions, but one of its main purposes is to protect the privacy of patients and members of health insurance plans, and to ensure that health information is kept secure.
Part of HIPAA is the Privacy Rule, which gives you rights over what is called your protected health information (PHI) and lets you control who can see or access that information. It doesn’t matter whether this information is on paper, in electronic form, as x-rays or other images, or spoken; health professionals must keep your medical information confidential.
As a patient, you can control who sees your information. This is why your doctor or midwife’s office will ask you to sign a form giving them permission to share information with your health insurance company or with other health professionals.
If you don’t specifically say who can have access to your healthcare information, your healthcare provider–including a clinic or hospital, your pharmacist, your insurance company, and all their staff–cannot give any information out. For example, if you are having your baby at a hospital and your relatives call the hospital to see how things are going, the hospital cannot even say that you have been admitted.
HIPAA gives everyone, or a parent or guardian in the case of a child, the right to see and get copies of all health information from their healthcare providers or health insurance plans. A hospital, clinic, or individual healthcare provider that is regulated by HIPAA has 30 days once a request is made to provide you or your representative with copies of the records, although they can get an extension of this time period.
As a woman, you need privacy and security for information about your reproductive history. This is especially true now that Roe v. Wade has been overturned.
Many states have passed or have drafted laws banning abortions after a certain number of weeks into the pregnancy. Some states are proposing to ban or limit access to the drugs used for medical abortions. Some states now say traveling out of state for an abortion is illegal. This means that information about things like whether you are pregnant now, or when you had your last period, could potentially be used to investigate whether you had an abortion.
Despite these changes in state laws, healthcare providers must still follow the Privacy Rule of HIPAA, which includes any information related to abortion, miscarriage, or stillbirth. The rule prohibits disclosure of your information to law enforcement agencies unless there is a court-issued warrant or other legal process. You can read more about HIPAA and your reproductive health information at https://www.hhs.gov/hipaa, which is a web page created by the Department of Health and Human Services (HHS).
An example of how HIPAA should work: If you are in a state that has banned abortion and you tell your physician or midwife that you will travel to a state where you can get an abortion, HHS says that providers do not need to tell law enforcement agencies.
One concern is that, in most cases, HIPAA does not protect health information that is held on smart phones, including your search history in your browser or information that you have put into apps that help you track your health. This includes apps that help you track your period or help track your pregnancy. The exception is if the app is a service provided by your health insurance plan or your healthcare provider.
Violating HIPAA rules is a federal offense and violations are taken very seriously. Someone who accidentally violates HIPAA rules about keeping health information secure, such as by losing a computer or smartphone, may be hit with fines. Purposely disclosing private health information can lead to a fine of $50,000 and possible jail time. Disclosing protected information for personal gain–like selling health information about a celebrity to a tabloid–could lead to a fine of up to $250,000 and up to ten years in prison.
If you believe a health care provider has violated your rights under HIPAA, you have a right to file a complaint with the Office of Civil Rights of HHS. You do not need a lawyer to file a complaint.