White House tweaks HIPAA to shield medical files of those seeking reproductive care

In theory, this should make it harder for states to compel data-sharing to enforce anti-abortion laws

A revision to America's healthcare privacy rules aims to better protect abortion providers and patients seeking the procedure — and other types of reproductive care, such as in vitro fertilization and contraception — as some US states ban procedures and attempt prosecutions.

A US Department of Health and Human Services (HHS) edict, issued Monday, modifies the 1996 Health Insurance Portability and Accountability Act (better known as HIPAA) to increase protections for sensitive information about one's reproductive health.

Specifically, the change prohibits doctors, insurers, healthcare clearinghouses, and other medical organizations from disclosing people's protected health information (PHI) to state officials and law enforcement officers investigating patients and providers, when it relates to abortions and other reproductive care and depending on the situation.

The revision also provides some safeguards for providers in states where abortion is banned, as well as for patients crossing state-lines to terminate a pregnancy or get access to other reproductive healthcare.

Outcomes of the changes mean that, for instance, doctors in states that have banned abortions can't be compelled to hand over to police investigators medical records belonging to patients who traveled out-of-state for a legal abortion. Additionally, it requires these providers and healthcare organizations to agree in writing that these medical files won't be used for criminal investigations or other law enforcement purposes.

As the HHS itself put it, the update "restricts certain uses and disclosures of PHI for particular non-healthcare purposes, ie: for using or disclosing PHI to conduct a criminal, civil, or administrative investigation into or to impose criminal, civil, or administrative liability on any person for the mere act of seeking, obtaining, providing, or facilitating lawful reproductive healthcare, or to identify any person to initiate such activities."

Since the US Supreme Court overturned constitutional protections to abortion in the case of Dobbs v. Jackson Women's Health Organization almost two years ago, 14 US states have enacted total abortion bans, and at least 41 have imposed some type of restrictions.

"This changing legal landscape increases the likelihood that an individual's PHI may be disclosed in ways that cause harm to the interests that HIPAA seeks to protect, including the trust of individuals in healthcare providers and the healthcare system," the revised rules state [PDF].

"The threat that PHI will be disclosed and used to conduct such an investigation against, or to impose liability upon, an individual or another person is likely to chill an individual's willingness to seek lawful healthcare treatment or to provide full information to their healthcare providers when obtaining that treatment, and on the willingness of healthcare providers to provide such care."

The new rule will take effect in June.

In a press conference on Monday, HHS Director of the Office for Civil Rights Melanie Fontes Rainer emphasized the protected information extends beyond abortion care.

"If a person receives reproductive healthcare, such as a pregnancy test or treatment for an ectopic pregnancy, and that reproductive healthcare is lawful in the state where the care is received, the information about the care cannot be disclosed or used by the healthcare provider or health plan for an investigation, or to impose liability by law enforcement on the patient or the provider," she told reporters.

Rainer added: "If the reproductive healthcare like contraception is protected, required or authorized by federal law, including the constitution, that may also not be used or disclosed based on this rule." ®

More about


Send us news

Other stories you might like