Dobbs Protecting Your Privacy and Healthcare Information

The Dobbs decision opened the conversation to the security of your private privacy healthcare information that we all assumed was secure. We have all been made aware of securing our company’s web infrastructure and firming up its variabilities. The weak link that remains involves our personal lives.

Our family’s cell phones, computers, laptops, note pads, i-pads, gaming things if they’re web-connected, and Alexa, right? Then we have electric cars, and homes, you get the picture. Last, let’s not forget our healthcare privacy.

HIPPA – NATIONAL LAW REVIEW 7/2022

Protecting the Privacy and Security of Your Health Information When Using Your Personal Cell Phone1 or Tablet

HIPAA Privacy Rule and Disclosures of Information Relating to Reproductive Health Care

HHS Issues Guidance to Protect Patient Privacy in Wake of Supreme Court Decision on Roe

1-Where a state law prohibits abortion but

does not expressly require that a hospital report an individual for terminating her pregnancy,
- The Privacy Rule would not permit disclosure of the individual’s PHI to law enforcement under the “required by law” provision.

2-The Privacy Rule Permits Does Not Require the disclosure of PHI

PHI, for law enforcement purposes “pursuant to the process and as otherwise required by law.”

- If a law enforcement official requests records of abortion, but
- there is no Court Order or other Mandate Enforceable in the court of law,
- the Privacy Rule would Not Permit the Disclosure.

3- For disclosures permitted “to avert a serious threat to the health or safety of the individual or the public,”

HHS guidance provides this example.

A woman informs her health care provider,
- in a state that bans abortion,
- about her intent to seek an abortion in another state where abortion is legal.
  - The Privacy Rule would not permit the disclosure of the woman’s PHI to law enforcement
  - “to avert a serious threat to the health or safety of the individual or the public,”
  - because the woman’s statement tied to pregnancy loss does not constitute such a threat.
The guidance observes, moreover, that
- the disclosure of such PHI would generally
  - increase the risk of harm to the individual and
  - detrimentally affect the patient-physician relationship and
  - would therefore conflict with professional ethical standards.
Can technology platforms be prevented from scraping databases to find the patients who had abortions out of state?

4- Protect your medical information when using health information apps (e.g., period trackers, and others).

Some red states monitor period tracking or fertility apps to
- try and identify women who are planning to
- or already have had an abortion.
- As Missouri has already done this, digital rights experts warn:
  - (1) keep digital footprints protected,
  - (2) No google and social media, only use:
  - (3) privacy-focused browsers like DuckDuckGo or Firefox Focus, and
  - (4) recommend using end-to-end encrypted messaging apps like Signal or
  - WhatsApp to keep calls and messages private (these apps also offer timed auto-delete features for messages).

5- In summary, none of this looks promising, but here it is:

Patient Privacy and Reproductive Health Data in the Dobbs Aftermath
- First, sensitive data is protected by several federal and state laws,
- These laws include Section 5 of the FTC Act,
- the Safeguards Rule,
- the Health Breach Notification Rule, and
- the Children’s Online Privacy Protection Rule
Second, the FTC warns companies
- not to make misleading claims that they “anonymize” or “aggregate” sensitive data to try to placate customers who might otherwise have concerns about their privacy.
Finally, the Commission points to several recent cases it has brought against companies that misuse customers’ data, without parental consent,
- Kurbo/Weight Watchers, and
- CafePress for improperly collecting and indefinitely retaining sensitive consumer data.
What can you do to protect yourself, but will we?
- data encryption,
- username ID and
- password, and
- two-factor authentication,
- together can be used to help ensure the confidentiality of information.
- But nothing is perfect, so you must keep your passwords updated.
Personal Data Examples: Credit card or personnel number of a person, account data, number plate, appearance, customer number, or address.
Sensitive Information Examples: Social security number, Birthdate/place, Home/Mobile phone number, Home address, Medical Records, Bank Account Numbers, IP address, Passwords, Gender, and Ethnicity.

HIPAA: applies to Healthcare providers and Healthcare Plans.

Safeguard: “protects health Information” or “PHI.”

Steps you can take to decrease how your cell phone or tablet collects and shares your health and other personal information, such as where you go and what you do, without your knowledge.
- Avoid, downloading unnecessary or random apps, especially those that are “free.”
- ” giving any app permission to access your device’s location data, other than (e.g., navigation and traffic apps).
- turn off the location services on your personal cell phone or tablet.
- consider using communication apps, mobile web browsers, and search engines that are recognized as supporting increased privacy and security.
- https://consumer.ftc.gov/articles/how-protect-your-privacy-apps
- https://www.consumerreports.org/issue/data-privacy