Senators Require Change in HIPAA Privacy Rule to Forbid Disclosures of Reproductive Health Care Data to Law Enforcement

The HHS’ Office for Civil Rights has lately released guidance to healthcare companies after the overturning of Roe v. Wade subsequent to the SCOTUS Dobbs v. Jackson Women’s Health Organization judgment, which took away the right to have an abortion at the government level and granted states to create their own legislation. The guidance mentioned that the HIPAA Privacy Rule allows sharing of protected health information (PHI), which includes reproductive health care data, to law enforcement, however, doesn’t demand such disclosures. OCR revealed in the guidance the conditions that consider such disclosures of reproductive health care data as HIPAA violations according to the HIPAA Privacy Rule.

U.S. senators Catherine Cortez Masto (D-NV) and Michael F. Bennet (D-Co) lately wrote to the Secretary Xavier Becerra of the Department of Health and Human Services asking for the HHS to update the HIPAA Privacy Rule to better protect the privacy and confidentiality of health data of patients in need of reproductive healthcare.

The senators mentioned in the letter that because of the [SCOTUS] decision, patients have serious uncertainty regarding their right to privacy in connection with making decisions about having an abortion. Therefore, the Department of Health and Human Services (HHS) ought to take quick action to secure the privacy of Americans getting reproductive health care services by means of fine-tuning the HIPAA Privacy Rule.

The senators stated that when the HIPAA was approved in 1996, Roe v. Wade had actually supported the right to abortion for over twenty years. When the Privacy Rule was included in the HIPAA in 2000, it was never thought that Roe v. Wade could be overturned twenty years after. The senators recognized the work of the HHS in giving immediate guidance on the privacy of medical data associated with abortion and other sexual or reproductive health care and additionally for giving guidance to individuals on using PHI on mobile devices yet think that the HHS has to do more.

HHS needs to promptly start the process to change the Privacy Rule, adhering to all specifications of the Administrative Procedure Act, make clear definitions of a covered entity, and restrict when that entity is allowed to share details on abortion or other reproductive health services. The senators particularly asked the HHS to explain that reproductive health care data cannot be disclosed to law enforcement agencies who focus on people who got an abortion, and have asked the HHS rule regarding the Pregnancy Care Centers (aka Crisis Pregnancy Centers) requirement to conform with the HIPAA Privacy Rule.

Subsequent to the Supreme Court’s judgment in Dobbs, hundreds of thousands of Americans have lost a basic constitutional right regarding their health and reproductive decisions. All must be done to safeguard their basic right to privacy.

About Christine Garcia 1299 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at