HIPAA Reproductive Health Care PHI Rules: Compliance Date Approaching

PDF

On April 26, 2024, the U.S. Department of Health and Human Services (“HHS”) published new HIPAA regulations imposing additional requirements on covered entities to safeguard the privacy of protected health information (“PHI”) that relates to reproductive health care (“Reproductive Health Care PHI”) These new Reproductive Health Care PHI rules are set to go into effect on December 23, 2024, except that the new Notice of Privacy Practices requirements will not go into effect until February 16, 2026.

As anticipated, on September 4, 2024, a lawsuit was filed in the District Court for the Northern District of Texas, under which the State of Texas is challenging the validity of the new Reproductive Health Care PHI rules. Notably, the District Court for the Northern District of Texas is the same federal court that recently overturned other health-related mandates, including parts of the ACA’s preventive care rules and previous HHS guidance applying HIPAA’s privacy and security rules to online tracking technologies. Given the track record of this court, there is a possibility that the court could temporarily enjoin, or even overturn, the Reproductive Health Care PHI rules before or soon after they take effect.

Nonetheless, as the December 23, 2024 compliance date quickly approaches, we are recommending that clients proceed with taking steps to comply with the new Reproductive Health Care PHI rules, since these rules will be applicable law (absent them being enjoined or overturned) and it will take some time and preparation to comply. It is recommended that plan sponsors update their business associate agreements and other HIPAA compliance documents to address the new rules by no later than December 23, 2024, and plan sponsors are required to update their plans’ Notices of Privacy Practices by no later than February 16, 2026. Our Firm is currently working with clients to prepare such updates. If you have any questions or would like our assistance updating your company’s HIPAA compliance documents, please do not hesitate to contact any member of Maynard Nexsen’s Employee Benefits and Executive Compensation practice group.

This Client Alert is for informational purposes only and should not be construed as legal advice. The information in this Client Alert is not intended to create and does not create an attorney-client relationship.