Skip to Content

HHS Adopts Vital New Rule Protecting Patient Data about Lawful Reproductive Care

(WASHINGTON) — Today, the Department of Health and Human Services’ (HHS) Office of Civil Rights issued a new rule to support reproductive health privacy under HIPAA. The rule protects patient privacy by prohibiting, in certain situations, the disclosure of medical records and other HIPAA-protected health information related to lawful reproductive health care in the wake of the Dobbs decision.

The Center for Democracy & Technology (CDT) commends HHS for undertaking this critically necessary privacy work. Issuing this rule will help ensure that doctors, health care providers, and insurers keep private elements of patients’ records relating to lawfully-provided health care that might otherwise be disclosed to law enforcement for abortion-related investigations. 

Alexandra Reeve Givens, CDT’s President & CEO, said:

“Personal health data is private and should not be used against patients seeking lawful care. Everyone deserves access to care they need, including reproductive care, and protecting medical records and other personal health information covered by HIPAA is central to making that a reality. Critically, in announcing today’s rule, Secretary Becerra and Office of Civil Rights Director Fontes Rainer emphasized the Department’s commitment to enforcing these protections; a welcome step to ensure that patients are able to seek the care they need from trusted providers. We thank HHS for undertaking this important work to protect patients’ privacy and maintain patient-doctor confidentiality.”

Today’s rule is the result of a lengthy comment process that saw comments filed by medical experts, stakeholders from the reproductive rights community, and health privacy advocates. It is grounded in HIPAA’s existing and robust privacy protections and adds provisions to ensure that patient health data is not shared and used against patients or health care providers for seeking and providing lawful reproductive health care. 

Last summer, CDT filed comments supporting the proposed rule and detailing additional ways HHS could protect a wider variety of reproductive health data, strengthen the rule’s attestation requirement, and educate people about the new changes. Even without heeding all of our suggestions, the new rule will go a long way in protecting patients.

CDT looks forward to reviewing the full final rule and working with HHS, privacy professionals, and other partners to support broader awareness of the rule and its impact for patients and providers. 

***

The Center for Democracy & Technology (CDT) is the leading nonpartisan, nonprofit organization fighting to advance civil rights and civil liberties in the digital age. We shape technology policy, governance, and design with a focus on equity and democratic values. Established in 1994, CDT has been a trusted advocate for digital rights since the earliest days of the internet. The organization is headquartered in Washington, D.C., and has a Europe Office in Brussels, Belgium.