Senators Request HIPAA Privacy Rule Changes to Better Protect Reproductive Health Care Information

Two senators have written to the Secretary of the Department of Health and Human Services asking for changes to be made to the HIPAA Privacy Rule to better protect the privacy of individuals seeking reproductive healthcare services.

For the past 50 years, women in the United States have had the right to have an abortion, but that right was removed for many millions of Americans with the recent decision of the U.S. Supreme Court in Dobbs v. Jackson Women’s Health Organization, which overturned the 1973 ruling in Roe v. Wade. The decision of the Supreme Court was that the Constitution of the United States does not give individuals a right to an abortion, and while abortion was not banned, it became the responsibility of each state to introduce its own law on the legality of abortions. Several states have already introduced restricted abortions, with estimates suggesting restrictions will be implemented in as many as half of U.S. states.

In response to the ruling, the HHS’ Office for Civil Rights issued guidance to healthcare providers and individuals on how the HIPAA Rule limits disclosures of protected health information, including reproductive health care information, and provided examples of when such disclosures to law enforcement would constitute HIPAA violations. Guidance was also issued on how to improve the privacy and security of data when using applications on cell phones and tablets.

Senators Michael F. Bennet (D-Co) and Catherine Cortez Masto (D-NV) explained in their letter to HHS Secretary, Xavier Becerra, that the ruling of the Supreme Court that took away the right of Americans to make their own health and reproductive decisions needs more than just guidance on current HIPAA protections, although the HHS was praised for its swift action in issuing guidance on the matter.

The senators have called for the HHS to make an update to the HIPAA Privacy Rule to better protect the privacy of Americans seeking reproductive health care services. The senators pointed out that the HIPAA Privacy Rule was introduced in 2000, three decades after Roe v. Wade, and that at the time it was unthinkable that the fundamental constitutional right of individuals to make their own health and reproductive decisions would be taken away.  If it was known then what would happen in 2022, the Privacy Rule, in all likelihood, would have included greater protections for reproductive health care information.

“We urge HHS to immediately begin the process to update the Privacy Rule, following all requirements under the Administrative Procedure Act, to clarify who is a covered entity and to limit when that entity can share information on abortion or other reproductive health services,” said the senators in the letter. “Specifically, HHS should clarify that this information cannot be shared with law enforcement agencies who target individuals who have an abortion.” Further, the senators have called for the HHS to require Pregnancy Care Centers (also known as Crisis Pregnancy Centers) to comply with the HIPAA Privacy Rule.

“When patients speak with their providers about options for contraceptives, the progression of their pregnancy, or their choices to terminate a pregnancy, they expect those conversations to remain confidential. The individual liberty to make those decisions, and the conversations surrounding them, must be protected,” said the senators.