Dobbs: Protecting Your Privacy and Healthcare Information
The Dobbs decision opened the conversation about the security of the private healthcare information that we all assumed was secure. We have all been made aware of the need to secure our company’s web infrastructure and shore up its vulnerabilities. The weak link that remains involves our personal lives.
That means our family’s cell phones, computers, laptops, notepads, iPads, gaming devices if they’re web-connected, and Alexa, right? Then we have electric cars and homes; you get the picture. Last, let’s not forget our healthcare privacy.
HIPAA – NATIONAL LAW REVIEW 7/2022
Protecting the Privacy and Security of Your Health Information When Using Your Personal Cell Phone or Tablet
HIPAA Privacy Rule and Disclosures of Information Relating to Reproductive Health Care
HHS Issues Guidance to Protect Patient Privacy in Wake of Supreme Court Decision on Roe
1- Where a state law prohibits abortion but does not expressly require that a hospital report an individual for terminating her pregnancy, the Privacy Rule would not permit disclosure of the individual’s PHI to law enforcement under the “required by law” provision.
2- The Privacy Rule permits, but does not require, the disclosure of PHI for law enforcement purposes “pursuant to the process and as otherwise required by law.”
- If a law enforcement official requests records of abortion, but there is no court order or other mandate enforceable in a court of law, the Privacy Rule would not permit the disclosure.
3- For disclosures permitted “to avert a serious threat to the health or safety of the individual or the public,” HHS guidance provides this example.
- A woman in a state that bans abortion informs her health care provider about her intent to seek an abortion in another state where abortion is legal.
- The Privacy Rule would not permit the disclosure of the woman’s PHI to law enforcement “to avert a serious threat to the health or safety of the individual or the public,” because the woman’s statement tied to pregnancy loss does not constitute such a threat.
- The guidance observes, moreover, that the disclosure of such PHI would generally increase the risk of harm to the individual and detrimentally affect the patient-physician relationship, and would therefore conflict with professional ethical standards.
- Can technology platforms be prevented from scraping databases to find the patients who had abortions out of state?
4- Protect your medical information when using health information apps (e.g., period trackers and others).
- Some red states monitor period tracking or fertility apps to try to identify women who are planning to have, or already have had, an abortion.
- As Missouri has already done this, digital rights experts warn:
- (1) keep digital footprints protected,
- (2) no Google or social media; use only
- (3) privacy-focused browsers like DuckDuckGo or Firefox Focus, and
- (4) use end-to-end encrypted messaging apps like Signal or WhatsApp to keep calls and messages private (these apps also offer timed auto-delete features for messages).
5- In summary, none of this looks promising, but here it is:
- Patient Privacy and Reproductive Health Data in the Dobbs Aftermath
- First, sensitive data is protected by several federal and state laws. These laws include Section 5 of the FTC Act, the Safeguards Rule, the Health Breach Notification Rule, and the Children’s Online Privacy Protection Rule.
- Second, the FTC warns companies not to make misleading claims that they “anonymize” or “aggregate” sensitive data to try to placate customers who might otherwise have concerns about their privacy.
- Finally, the Commission points to several recent cases it has brought against companies that misuse customers’ data, without parental consent,
- Kurbo/Weight Watchers, and
- CafePress for improperly collecting and indefinitely retaining sensitive consumer data.
- What can you do to protect yourself, but will we?
- Data encryption, username ID and password, and two-factor authentication together can be used to help ensure the confidentiality of information.
- But nothing is perfect, so you must keep your passwords updated.
- Personal Data Examples: Credit card or personnel number of a person, account data, number plate, appearance, customer number, or address.
- Sensitive Information Examples: Social security number, Birthdate/place, Home/Mobile phone number, Home address, Medical Records, Bank Account Numbers, IP address, Passwords, Gender, and Ethnicity.
HIPAA: applies to healthcare providers and healthcare plans.
Safeguard: “protected health information,” or “PHI.”
- Steps you can take to decrease how your cell phone or tablet collects and shares your health and other personal information, such as where you go and what you do, without your knowledge:
- Avoid downloading unnecessary or random apps, especially those that are “free.”
- Avoid giving any app permission to access your device’s location data, other than apps that need it (e.g., navigation and traffic apps).
- Turn off the location services on your personal cell phone or tablet.
- Consider using communication apps, mobile web browsers, and search engines that are recognized as supporting increased privacy and security.
FCC’s Protecting Your Privacy: Phone and Cable Records
How To Protect Your Phone From Hackers | Consumer Advice
Protect Your Personal Information and Data
FTC’s What to Know About Medical Identity Theft
NSA’s Limiting Location Data Exposure
ONC’s How Can You Protect and Secure Health Information When Using a Mobile Device
Electronic Frontier Foundation (EFF) Surveillance Security Scenarios
Consumer Reports website on consumer data privacy
New York Times 3 Steps to Protect Your Phone
If you believe that your (or someone else’s) health privacy rights have been violated, contact the HHS Office for Civil Rights (OCR) at (800) 368-1019, TDD toll-free: (800) 537-7697, or by emailing OCRMail@hhs.gov. https://ocrportal.hhs.gov/ocr/smartscreen/main.jsf