Tag: Health Information

File folders containing medical records.

How Dobbs Threatens Health Privacy

Nicolas P. Terry Leave a comment

By Wendy A. Bach and Nicolas Terry

Post-Dobbs, the fear is visceral. What was once personal, private, and one hoped, protected within the presumptively confidential space of the doctor-patient relationship, feels exposed. In response to all this fear, the Internet exploded – delete your period tracker; use encrypted apps; don’t take a pregnancy test. The Biden administration too, chimed in, just days after the Supreme Court’s decision, issuing guidance seeking to reassure both doctors and patients that the federal Health Privacy Rule (HIPAA) was robust and that reproductive health information would remain private. Given the history of women being prosecuted for their reproductive choices and the enormous holes in HIPAA that have long allowed prosecutors to rely on healthcare information as the basis for criminal charges, these assurances rang hollow (as detailed at length in our forthcoming article, HIPAA v. Dobbs). From a health care policy perspective, what is different now is not what might happen. All of this has been happening for decades. The only difference today is the sheer number of people affected and paying attention.

Read More

Filing a Complaint with HHS About a HIPAA Violation: A Warning About “How (Not) To”

kvantassel Leave a comment

By Leslie Francis

I posted in June about the fact that my social security number (and possibly other personal information) had been downloaded to an unknown site in Eastern Europe as part of a large security breach from the Utah state health department.  In connection with that breach, I have filed a complaint with the Office for Civil Rights at HHS (OCR).
I thought readers might like to know, however, that the process of complaining about a HIPAA violation to OCR is cumbersome indeed.  There are forms available on line, here.  You can open them, and fill in information, but you can’t save them.  If you close the form, you lose all the data. You also can’t file them online–you have to print them out and fax them off.  (You are helpfully told, however, to “print out a copy for your records.”)  I finally figured out that if you save the form to notepad before you fill it out, you can then email it to HHS–but this required a telephone call to the appropriate regional office of HHS.

When I pointed out to OCR that this process is not exactly user-friendly, they indicated that they are “working on it.” Imagine someone without a home computer, or a home fax machine, or a home printer, using public library computers in the effort to reach OCR about what they regard as a significant problem with their health information. Surely in a world of blue buttons and digital Medicare strategies, see Responsive Design and the New Medicare.gov, the ability to file a complaint about possible violations of health information security or confidentality should be an easier online process.