Navigating Data Privacy Questions Post-Dobbs

The US Supreme Court’s recent decision to overturn Roe v. Wade in Dobbs v. Jackson Women’s Health Organization has raised many questions about potential efforts by law enforcement agencies to obtain data from healthcare and other service providers to detect the performance of a possibly unlawful abortion. For example, data collected by period-tracking apps, patients’ self-reported symptoms, or diagnostic-testing results might be used to establish the timeframe in which an individual became pregnant, and then demonstrate that a pregnancy was terminated, as part of investigative or enforcement efforts against individuals or organizations allegedly involved in such termination.

On June 29, 2022, the office within the US Department of Health and Human Services (HHS) that is responsible for enforcing the Health Insurance Portability and Accountability Act (HIPAA), the Office for Civil Rights (OCR), issued guidance addressing how HIPAA limits disclosures by covered entities and business associates to law enforcement agencies in the absence of a court order or other legal mandate. The guidance provides helpful insight on how OCR may use HIPAA enforcement to discourage unauthorized disclosures of protected health information (PHI) to law enforcement officials in the wake of new state laws outlawing abortion. The guidance also implicitly confirms, however, that HIPAA does not provide a complete shield against law enforcement and litigation-driven requests for abortion-related information.

Read more here.

Scott Weinstein
Scott A. Weinstein provides legal counsel on health care regulatory compliance, contracting and transactional due diligence, with a focus on health information privacy and security, Medicare and Medicaid's health information technology and quality reporting requirements, and clinical research regulations. Scott additionally provides legal counsel on federal and state privacy and data protection laws, with a focus on privacy audits and the development of internal and externally facing privacy policies for websites and mobile applications. Read Scott Weinstein's full bio.


Jayda Greco
Jayda Greco works at the intersection of healthcare regulatory, privacy and compliance, product counseling and marketing law, with particular emphasis on digital health products and services. Often working cross-functionally with stakeholders in sales, finance, marketing and product, Jayda is adept at devising creative and practical legal solutions for digital health initiatives to meet business objectives. Read Jayda Greco's full bio.


David Quinn Gacioch
David Quinn (Dave) Gacioch focuses his practice on litigation and enforcement defense, primarily related to the US healthcare sector. Dave counsels hospitals, health systems, physician practices, and other providers, along with payors, private equity sponsors, pharmaceutical and medical device manufacturers, and others involved in the US healthcare system, on compliance and risk mitigation issues. He conducts internal investigations for clients, and represents them in government investigations, enforcement actions, and civil and criminal litigation, including class actions. Read David Gacioch's full bio.


Daniel F. Gottlieb
Daniel F. Gottlieb counsels a wide range of health care industry clients, including health care providers, health plans, health information technology (IT) vendors and life sciences companies. He represents these entities on health IT acquisitions, privacy and data protection, reimbursement, fraud and abuse, and other health care regulatory and transactional matters. Daniel is a co-leader of the Firm’s Global Privacy and Cybersecurity Practice. Read Daniel Gottlieb's full bio.


Carolyn Metnick
Carolyn V. Metnick represents a range of healthcare industry clients, including hospitals and health systems, physician organizations and digital health companies. She advises on healthcare regulatory and transactional matters with a focus on health information privacy and security. Carolyn advises clients on a range of privacy and security laws, including HIPAA and the California Consumer Privacy Act (CCPA). She also counsels businesses in data breach investigations and compliance with federal and state breach notification laws. Carolyn is a Certified Information Privacy Professional/United States (CIPP/US) and a Certified Information Privacy Professional/Europe (CIPP/E). Read Carolyn V. Metnick's full bio.

BLOG EDITORS

STAY CONNECTED

TOPICS

ARCHIVES

Top ranked chambers 2022
US leading firm 2022