On September 17, HHS issued a new guidance:
The HIPAA Privacy Rule contains several provisions that recognize the integral role that family members, such as spouses, often play in a patient’s health care. For example, the Privacy Rule allows covered entities to share information about the patient’s care with family members in various circumstances. In addition, the Privacy Rule provides protections against the use of genetic information about an individual, which includes certain information about family members of the individual, for underwriting purposes. This guidance addresses the effect of the 2013 Supreme Court decision regarding the Defense of Marriage Act (DOMA) on these provisions.
In United States v. Windsor, the Supreme Court held section 3 of DOMA to be unconstitutional. Section 3 of DOMA had provided that federal law would recognize only opposite-sex marriages. In light of the Windsor ruling, covered entities (and business associates, as applicable) must consider the following regarding lawfully married same-sex spouses and same-sex marriage.
At 45 CFR 160.103, the Privacy Rule includes the terms spouse and marriage in the definition of family member. Consistent with the Windsor decision, the term spouse includes individuals who are in a legally valid same-sex marriage sanctioned by a state, territory, or foreign jurisdiction (as long as, as to marriages performed in a foreign jurisdiction, a U.S. jurisdiction would also recognize the marriage). The termmarriage includes both same-sex and opposite-sex marriages, and family member includes dependents of those marriages. All of these terms apply to individuals who are legally married, whether or not they live or receive services in a jurisdiction that recognizes their marriage.
- The definition of a family member is relevant to the application of §164.510(b) Standard: Uses and disclosures for involvement in the individual’s care and notification purposes. Under certain circumstances, covered entities are permitted to share an individual’s protected health information with a family member of the individual. Legally married same-sex spouses, regardless of where they live, are family members for the purposes of applying this provision.
- The definition of a family member is also relevant to the application of §164.502(a)(5)(i), Use and disclosure of genetic information for underwriting purposes. This provision prohibits health plans, other than issuers of long-term care policies, from using or disclosing genetic information for underwriting purposes. For example, such plans may not use information regarding the genetic tests of a family member of the individual, or the manifestation of a disease or disorder in a family member of the individual, in making underwriting decisions about the individual. This includes the genetic tests of a same-sex spouse of the individual, or the manifestation of a disease or disorder in the same-sex spouse of the individual.
This guidance was developed to assist covered entities in understanding how the Windsor decision may affect certain of their Privacy Rule obligations. In the coming months, OCR intends to issue additional clarifications through guidance or to initiate rulemaking to address same-sex spouses as personal representatives under the Privacy Rule.
You can download this in pdf from HHS’s site.