New HIPAA Rule on Protected Health Information and Reproductive Health Care

Posted by BAS - 12 September, 2024

header-picture

The Department of Health and Human Services (HHS) issued a final rule that impacts employer-sponsored group health plans and their business associates (“Covered Entities"). This rule prohibits the use or disclosure of protected health information (PHI) when it is requested for the purpose of investigating or penalizing someone for seeking, obtaining, or providing lawful reproductive health care. The same restriction applies to efforts to identify individuals involved in such activities.

Covered Entities that receive requests for PHI related to reproductive health care must now require a signed attestation from the requester, confirming that the requested PHI will not be used for prohibited activities. This attestation is mandatory when the request is made for purposes including:

  • Health oversight activities
  • Judicial or administrative proceedings
  • Law enforcement purposes
  • Disclosures to coroners or medical examiners

HHS has provided a model attestation form that Covered Entities may use, but they are also allowed to create their own form. The model form may be accessed by clicking here.

The form must be a standalone document and should include:

  • A description of the requested PHI, identifying the individual(s) involved
  • The name(s) of the person(s) making the request and the recipient of the PHI
  • A statement that the PHI will not be used for prohibited activities
  • A warning that obtaining or disclosing PHI in violation of HIPAA may result in criminal penalties
  • The signature of the requester, which can be electronic, and the date of the request

By December 23, 2024, Covered Entities must begin obtaining these attestations when PHI related to reproductive health care is requested. Group health plan sponsors should update their HIPAA policies and procedures accordingly.


Benefit Allocation Systems (BAS) provides best-in-class, online solutions for: Employee Benefits Enrollment; COBRA; Flexible Spending Accounts (FSAs); Health Reimbursement Accounts (HRAs); Leave of Absence Premium Billing (LOA); Affordable Care Act Record Keeping, Compliance & IRS Reporting (ACA); Group Insurance Premium Billing; Property & Casualty Premium Billing; and Payroll Integration.

MyEnroll360 can Integrate with any insurance carrier for enrollment eligibility management (e.g., Blue Cross, Blue Shield, Aetna, United Health Care, Kaiser, CIGNA and many others), and integrate with any payroll system for enrollment deduction management (e.g., Workday, ADP, Paylocity, PayCor, UKG, and many others).

Topics: MyEnroll360 Security, HR & Benefits News, Technology News, Cybersecurity


Recent Posts

Question of the Week - HRA Reimbursements

read more

Security Tips from the IRS

read more

CCS Commitment to COBRA

read more