Following the Supreme Court’s 2022 decision overturning Roe v. Wade, cross-border abortion travel has doubled due to the unavailability of “abortion services within the formal [healthcare] system” in abortion-hostile states, according to the Guttmacher Institute. These include 17 states with total bans and at least 10 others with a myriad of harsh restrictions, including strict gestational bans. Not surprisingly, these states have sought to tighten their borders in an effort to prevent those within their borders from traveling to access needed abortion care.
Although no state has yet succeeded in making it a crime for a pregnant person travel for legal abortion care, restrictive states have pursued a variety of strategies to deter cross-border access. These include criminalizing the so-called “abortion trafficking” of minors; local ordinances prohibiting transporting a pregnant person on local roads for the purpose of accessing a legal out-of-state abortion; and threatened prosecution of anyone “aiding and abetting” a cross-border abortion seeker.
Particularly ominous, Project 2025’s Mandate for Leadership advances a plan to effectuate a de facto national abortion ban by resurrecting the moribund Victorian-era Comstock Act.
Pushing back, many abortion-protective states have enacted what are known as shield laws. These measures seek to protect seekers, providers and facilitators of cross-border abortion care from investigations and legal challenges launched by a hostile home state. Although provisions vary from state to state, a generally unifying core is that they prohibit shield state actors, such as law enforcement and court personnel, from cooperating with any such proceeding, as they might otherwise do.
Vice President Harris and I will continue to call on Congress to restore the protections of Roe v. Wade in federal law, and my administration will keep taking action to protect patients and ensure access to high-quality healthcare.
President Joe Biden
At the federal level, the Biden administration has underscored that “women must remain free to travel safely to another state to seek the abortion care they need.” And while shield laws offer an important layer of protection (though it should be noted that they have not yet been tested in court), cross-border abortion seekers were notably “scared that their personal medical information [would] be shared, misused and disclosed without their consent,” according to Health and Human Services (HHS) Secretary Xavier Becerra—chilling their access to lawful reproductive healthcare.
To address this concern, in April of 2024, HHS’ Office of Civil Rights (OCR) issued the Privacy Rule to Support Reproductive Health Care under the Health Insurance Portability and Accountability Act—better known as HIPPA.
In a nutshell, the original 2000 HIPAA privacy rule protects personally identifiable health information from disclosure by health plans, healthcare providers and healthcare clearinghouses (covered entities) without the consent of the patient. However, this protection is not absolute. Of critical concern when it comes to cross-border abortion care is that it allows for the breach of the privacy shield when what would otherwise be protected health information is sought pursuant to a legal proceeding or investigation.
In this post-Roe era, this exception to HIPPA’s privacy protections has been a worrisome loophole for those engaged in cross-border abortion care.
“’Since the fall of Roe v. Wade, providers have shared concerns that when patients travel to their clinics for lawful care, their patients’ records will be sought, including when the patient goes home,” said OCR director Melanie Fontes Rainer. “Patients and providers are scared, and it impedes their ability to get and to provide accurate information and access safe and legal healthcare.”
To guard against the threat of having—as President Biden put it—the medical records of abortion patients “used against them, their doctor, or their loved one just because they sought or received lawful reproductive healthcare,” HIPAA’s new rule enhances the privacy protections for reproductive healthcare. It closes the disclosure loophole tied to legal proceedings by prohibiting covered entities from using or disclosing personal health information related to reproductive health care when it is sought to investigate, identify, or proceed legally against “any person for the mere act of seeking, obtaining, providing, or facilitating reproductive [healthcare], where such [healthcare] is lawful…”
Providers have shared concerns that when patients travel to their clinics for lawful care, their patients’ records will be sought, including when the patient goes home.
Melissa Fontes
Antiabortion Attorneys General Seek to Invalidate the Privacy Rule
During the public comment period, attorneys general from 19 abortion-hostile states submitted a formal letter to HHS Secretary Xavier Becerra in opposition to the proposed enhanced privacy rule, based on its disregard for fetal personhood. (The letter came from AGs in Mississippi, Alabama, Alaska, Arkansas, Georgia, Idaho, Indiana, Kentucky, Louisiana, Missouri, Montana, Nebraska, North Dakota, Ohio, South Carolina, South Dakota, Tennessee, Texas and Utah.)
In it, the AGs claimed Becerra’s guidance purports to address patient privacy concerns following the Dobbs decision but is actually a politicized statement in favor of abortion.
Having identified the fetus as a “patient in the womb” who is ostensibly possessed of a statutory right to privacy under HIPPA, the AGs insisted that the proposed rule is part of the Biden administration’s plot to “wrest control over abortion back from the people and their elected representatives,” in direct defiance of Dobbs.
Project 2025, the right-wing blueprint for the next Republican president, also finds fault with the HHS guidance based on fetal personhood, and demands HHS withdraw it: “HIPAA covers patients in the womb, but this guidance treats them as nonpersons contrary to law.”
Unfortunately, the enhanced privacy rule is nothing so grand. It does not touch the ability afforded to states under Dobbs to ban abortion if they so choose. Rather, more modestly but still importantly, it protects the medical privacy of those whose control over their bodies have been wrested from them by their home states.
The attorneys general failed in their mission to prevent the proposed 2024 rule from becoming final—so Texas Attorney General Ken Paxton, a signatory on the original oppositional letter, took matters into his own hands.
On Sept. 4, he filed a lawsuit against the Biden administration on behalf of the state of Texas alleging that the enhanced privacy rule is a blatant attempt “to obstruct States’ ability to enforce their own laws on abortion.” Metaphorically pounding his chest, he foreswore in a press release, “I will not allow this to happen.”
Taking a very different view of the enhanced privacy protections for reproductive healthcare, Illinois Attorney General Kwame Raoul underscored the importance of the 2024 rule, calling Paxton’s challenge to medical privacy protections “a cruel attack that only serves to instill fear and punish people across the country for accessing medical care. This action is a move to reach outside of Texas’ own borders and impose its abortion restrictions on states like Illinois where we respect bodily autonomy and a woman’s right to choose.”
The Texas challenge is pending in front of Republican appointee Judge James Wesley Hendrix in Lubbock, Texas. It is anticipated that he will be sympathetic to the state’s position, especially since he has previously expressed skepticism of rulemaking from Democratic administrations, and may well decide to prohibit the rule from taking effect. It’s likely that hearings or proceedings could take place in late 2024 or early 2025.
Any appeal would then be to the deeply conservative Fifth Circuit, which law professor Stephen Vladeck characterized as “’the Trumpest wing of legal thought’” in a recent New York Times article. Notably, it has already ruled in favor of Texas in two post-Dobbs abortion cases.
Limitations and Scope of HIPAA Protection
A few other points bear mentioning here.
First, the new HIPAA rule only applies if the care is legal where it is obtained. This raises a potential question about its applicability to self-managed abortions, where a person living in an abortion-ban state receives the pills by mail and takes them in her home state.
Also, s a general matter, HIPAA is not applicable to health information that is exchanged outside of the formal healthcare setting, such as by way of text message, social media posts, and period tracking apps. Thus privacy concerns remain a salient consideration in the internecine struggles between abortion-hostile and abortion-protective states.
At Ms. magazine, our mission is to deliver facts about the feminist movement (and those who stand in its way) and foster informed discussions—not to tell you who to vote for or what to think. We believe in empowering our readers to form their own opinions based on reliable reporting. To continue providing you with independent feminist journalism, we rely on the generous support of our readers. Please consider making a tax-deductible donation today if you value the work we do and want to see it continue. Thank you for supporting women’s voices and rights.