The finalized “HIPAA Privacy Rule to Support Reproductive Health Care Privacy” bars providers, clearing houses and their business associates covered by the Health Insurance Portability and Accountability Act (HIPAA) from disclosing protected health information to aid an investigation of patients who receive legal reproductive health care.
According to HHS’s Office for Civil Rights Director Melanie Fontes Rainer, the rule takes into account that many people are now having to travel out-of-state to receive abortion care and is designed to protect their records.
Providers in states where abortion is banned with patients who received abortion care out of state are protected by the rule with the assumption that the care was legal. A patient’s providers, whether out-of-state and in-state, can deny records requests if the services received were legal.
This rule, however, only applies in states where abortion remains legal, and it lacks provisions that Democratic lawmakers had asked for such as adding a warrant requirement for obtaining these sorts of records.
These records remain under the provisions of HIPAA, meaning they could still be obtained by a court order or if a subpoena meets a required number of conditions.
During the press briefing announcing the rule on Monday, HHS Secretary Xavier Becerra was frank about the limitations of his department’s authority.
“We have no illusion that everything that the president has urged us to do with our authorities is going to undo Dobbs,” said Becerra. “Dobbs took away rights. Until we have a national law that re-institutes Roe v. Wade, we’re going to have issues. But that doesn’t stop us from doing everything we can to protect every American’s right to access the care they need and to have the privacy they need.”
