The Biden administration on Monday announced new rules designed to safeguard the privacy of abortion providers and patients seeking the procedure, a move which comes in response to threats from conservative prosecutors putting abortion in their crosshairs. The rules announced by the Department of Health and Human Services (HHS) will bar doctors, insurers and other health-care groups from making health information available to state officials investigating, prosecuting, or filing a lawsuit against a patient or provider. They shield both people crossing state lines to seek a legal abortion and those who are not covered under a given state’s abortion ban due to being a rape survivor, for example. The new regulations update the healthy privacy law known as the Health Insurance Portability and Accountability Act, or HIPAA, which dates to 1996 and did not anticipate today’s uncertain reproductive rights landscape. Prior to the new rules taking effect — which won’t happen for at least two months — it will remain legal for organizations to share private health information with law enforcement investigating crimes. The current rules and the charged post-Dobbs legal atmosphere surrounding reproductive care sparked an outcry from patients and providers who sought guidance about their legal rights from HHS, officials there said. HHS’s work on the new regulations has been controversial. Last year 19 Republican state attorneys general criticized the Biden administration for updating the HIPAA rules, saying in a letter that the administration sought to “wrest control over abortion back from the people in defiance of the Constitution and Dobbs.” Biden administration officials undercut that argument Monday, saying the new rules are an important victory for reproductive health patients and providers. “Many Americans are scared their private medical information will be shared, misused, and disclosed without permission,” HHS Secretary Xavier Becerra said in a prepared statement. “The Biden-Harris Administration is providing stronger protections to people seeking lawful reproductive health care regardless of whether the care is in their home state or if they must cross state lines to get it.” The new rule also requires health care providers, health plans, clearinghouses or their business associates to agree in writing that their requests for personal health information potentially related to reproductive health are not meant to be used for criminal investigations or lawsuits. Privacy advocates called the new rule an important development. “Personal health data is private and should not be used against patients seeking lawful care,” Center for Democracy and Technology CEO Alexandra Reeve Givens said in a prepared statement. “Everyone deserves access to care they need, including reproductive care, and protecting medical records and other personal health information covered by HIPAA is central to making that a reality.”
Get more insights with the
Recorded Future
Intelligence Cloud.
No previous article
No new articles
Suzanne Smalley
is a reporter covering privacy, disinformation and cybersecurity policy for The Record. She was previously a cybersecurity reporter at CyberScoop and Reuters. Earlier in her career Suzanne covered the Boston Police Department for the Boston Globe and two presidential campaign cycles for Newsweek. She lives in Washington with her husband and three children.