As part of MMM’s commitment to its hospital and physician clients, our Healthcare practice is publishing a series of articles discussing the practical legal effects on MMM’s clients following the Supreme Court’s decision in Dobbs v. Jackson Women’s Health Organization, which reversed Roe v. Wade and returns regulation of abortion access to the States.
Part 3 of this series addresses the availability of a patient’s abortion information under HB 481 and HIPAA.
Access to Health Records Under HB 481
HB 481 explicitly permits the district attorney of the judicial circuit in which the act of abortion occurs or where the patient resides upon whom an abortion is performed to access “health records” and that such health records shall be made available. While O.C.G.A. § 16-12-140 et seq. does not define “health records,” O.C.G.A. § 31-33-1, which generally governs access to health records, defines a “record” to mean a patient’s health record, including, but not limited to, evaluations, diagnoses, prognoses, laboratory reports, X-rays, prescriptions, and other technical information used in assessing the patient's condition, or the pertinent portion of the record relating to a specific condition, or a summary of the record.
HIPAA and Access to Health Records
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal statute that governs the creation, use, disclosure, maintenance, and transmission of certain protected health information (PHI), including a patient’s health, healthcare, or payment for same, by and on behalf of Covered Entities and their Business Associates. Covered Entities and Business Associates may not use or disclose PHI unless the use or disclosure is 1) for purposes of treatment, payment, or healthcare operations; 2) is pursuant to a written, HIPAA-compliant authorization; or 3) an exception applies that allows disclosure. With regards to HB 481, some relevant exceptions may include disclosures required by law, disclosures in administrative or judicial proceedings, and disclosures to law enforcement. Each of these exceptions has specific prerequisites that must be satisfied prior to a Covered Entity or Business Associate disclosing PHI. Covered Entities and Business Associates are already required to have policies in place that pertain to each of these exceptions, and Covered Entities and Business Associates must comply with HIPAA when making disclosures related to HB 481. Providers and hospitals may wish to review their HIPAA policies with particular attention paid to such disclosures to streamline operations and ensure compliance. Failure to comply with HIPAA may result in civil or criminal penalties.
For immediate questions and policy development, please contact a member of the MMM healthcare practice group.