Health Law Highlights

Six Months to Go: HIPAA Privacy Rule Changes Require Additional Diligence

Summary of article from Taft Privacy & Data Security Insights, by Scot Ganow:

The Department of Health and Human Services (HHS) has issued final regulations modifying the HIPAA Privacy Rule to protect individuals’ reproductive health information, effective June 25, 2024, with compliance required by December 23, 2024. These changes prohibit HIPAA-regulated entities from disclosing protected health information (PHI) for purposes of investigating or imposing liability for lawful reproductive health care. Additionally, the regulations establish a presumption of lawfulness for reproductive care and mandate obtaining signed attestations for certain disclosures. HIPAA-covered entities and business associates must update their policies, procedures, agreements, and training to align with these new requirements. Notices of privacy practices must also be revised by February 16, 2026.