Protection of Health Information Under HIPAA and the FTC Act: A Comparison [July 28, 2022] [open pdf - 771KB]
From the Document: "On June 24, 2022, the Supreme Court decided 'Dobbs v. Jackson Women's Health Organization' [hyperlink], overturning 'Roe v. Wade', and holding that the U.S. Constitution does not confer a right to abortion. Following the decision, individual states [hyperlink] may begin to prohibit abortions or enforce preexisting bans on abortion, including through the imposition of criminal penalties. This has raised concerns by some regarding the privacy of medical information from law enforcement investigations, particularly reproductive health information held by providers, health plans, smartphone apps, and others. Although Congress is considering legislation [hyperlink] to establish a nationally applicable consumer privacy framework for digital information generally, current federal laws addressing the privacy of health information are not uniform and may depend on the type of entity holding such data. Specifically, the Privacy Rule [hyperlink] of the Health Insurance Portability and Accountability Act of 1996 [hyperlink] (HIPAA) generally applies only to protected health information (PHI) held by certain health-care-related entities, known as 'HIPAA covered entities'. In contrast, some non-HIPAA covered entities' privacy practices may be regulated by the Federal Trade Commission Act [hyperlink] (FTC Act)."
CRS Legal Sidebar, LSB10797
Congressional Research Service: https://crsreports.congress.gov/