- The Department of Health and Human Services has released new guidance on how HIPAA-protected information is to be treated for legally married same-sex couples. According to the agency, providers can share protected patient data with the patient's partner in a same-sex marriage without violating the Privacy Rule.
- The guidance is intended to address the impact of last year's Supreme Court decision in United States v. Windsor. The ruling overturned the section of the Defense of Marriage Act that recognized only opposite-sex marriages under federal law.
- HIPAA rules allow providers to share patient information with family members. Under the new guidance, the definition of "family member" has been clarified to be consistent with the Windsor decision by including same-sex couples who are legally married.
According to the new guidance, "...the Privacy Rule includes the terms spouse and marriage in the definition of family member. Consistent with the Windsor decision, the term spouse includes individuals who are in a legally valid same-sex marriage sanctioned by a state, territory, or foreign jurisdiction (as long as, as to marriages performed in a foreign jurisdiction, a U.S. jurisdiction would also recognize the marriage)."
That is to say, providers may share this information only with spouses who have been married in states where same-sex marriage has been legalized.
The guidance also addresses the impact of the decision on the provision of HIPAA that prevents insurers from using or disclosing genetic data for underwriting purposes. The rule, for example, prohibits health plans from using "information regarding the genetic tests of a family member of the individual, or the manifestation of a disease or disorder in a family member of the individual, in making underwriting decisions about the individual."
"This includes the genetic tests of a same-sex spouse of the individual, or the manifestation of a disease or disorder in the same-sex spouse of the individual," according to the agency.