There is a lot to unpack from both the Majority and the Dissent in Dobbs.
Specifically found in the Constitution (particularly in the Bill of Rights) or have been found under Due Process, fundamental rights are those rights that have been recognized by the U.S. Supreme Court has necessitating a high degree of protection from government encroachment. The July 8th Executive Order Fact Sheet states, “[f]undamental rights – to privacy, autonomy, freedom, and equality – have been denied to millions of women across the country, with grave implications for their health, lives, and wellbeing.” Men’s lives, as well as those of a woman’s living children, will also be impacted. As the July 8, 2022 Executive Order further substantiates, “[t]hese deeply private decisions should not be subject to government interference.” One area that is germane to the fundamental right to privacy is addressed in Section 4 of the Executive Order – protecting privacy, safety, and security. Specifically:
Sec. 4. Protecting Privacy, Safety, and Security. (a) To address potential heightened safety and security risks related to the provision of reproductive healthcare services, the Attorney General and the Security of Homeland Security shall consider actions, as appropriate and consistent with applicable law, to ensure the safety of patients, providers, and third parties, and to protect the security of clinics (including mobile clinics), pharmacies, and other entities providing, dispensing, or delivering reproductive and related healthcare services.
(b) To address the potential threat to patient privacy caused by the transfer and sale of sensitive health-related data and by digital surveillance related to reproductive healthcare services, and to protect people seeking reproductive health services from fraudulent schemes or deceptive practices:
(i) The Chair of the Federal Trade Commission (FTC) is encouraged to consider actions, as appropriate and consistent with applicable law (including the Federal Trade Commission Act, 15 U.S.C. 41 et seq.), to protect consumers’ privacy when seeking information about and provision of reproductive healthcare services.
(ii) The Secretary of Health and Human Services shall consider actions, including providing guidance under the Health Insurance Portability and Accountability Act, Public Law 104-191, 110 Stat. 1936 (1996) as amended by Public Law 111-5, 123 Stat. 115 (2009), and any other statutes as appropriate, to strengthen the protection of sensitive information related to reproductive healthcare services and bolster patient-provider confidentiality. (emphasis added).
(iii) The Secretary of Health and Human Services shall, in consultation with the Attorney General, consider actions to educate consumers on how best to protect their health privacy and limit the collection and sharing of their sensitive health-related information.
Not surprisingly, HIPAA plays a critical role in protecting PHI, which includes 18 identifying factors of PII that can be de-identified in order to protect a patient’s fundamental relationship with his/her health information. “The executive order comes about a week after the HHS' Office for Civil Rights issued new HIPAA guidance clarifying that, with limited exceptions, medical clinics, physicians and other healthcare providers are not required - and in many cases, not permitted - to disclose patients' private information to law enforcement authorities.” Even if the law enforcement exception is invoked, there are safeguards, including Due Process, so that a request for a disclosure of PHI, including the 18 identifying factors when they relate back to PHI, cannot exceed that what is required by law.
The only branch of our Federal Government, which can essentially change what Dobbs did - overturning 50 years of precedent – is Congress. Considering re-establishing as law what was lost when the Dobbs Opinion was issued in June 2022, a bipartisan group of Senators took the initiative to introduce the Health and Location Data Protection Act, which would fill a significant gap in U.S. privacy law.
There is a lot to unpack from both the Majority and the Dissent in Dobbs. Ensuring that every patient’s privacy is protected is required by covered entities and business associates alike. Stay tuned for more updates in this evolving legal landscape.
Rachel V. Rose, JD, MBA, advises clients on compliance, transactions, government administrative actions, and litigation involving healthcare, cybersecurity, corporate and securities law, as well as False Claims Act and Dodd-Frank whistleblower cases. She also teaches bioethics at Baylor College of Medicine in Houston. Rachel can be reached through her website, www.rvrose.com.