Lawsuits against the Reproductive Privacy Rule threaten patient confidentiality and abortion access in a post-Roe America.
Halfway through 2024, former President Biden’s Department of Health and Human Services (HHS) issued the Privacy Rule to Support Reproductive Health Care, or Reproductive Privacy Rule, prohibiting the disclosure of personal health information for law enforcement-related activities in the context of legal reproductive healthcare. Promulgated in response to the Dobbs decision, the rule filled a critical loophole in the existing privacy protections afforded by the Health Insurance Portability and Accountability Act (HIPAA) that otherwise would have permitted the release of this information.
Highlighting the critical timeliness of the Reproductive Privacy Rule, then-HHS Secretary Xavier Becerra emphasized that in the new post-Roe environment, abortion seekers—particularly those from ban states traveling across state lines for legal abortion care—were “scared their personal medical information [would] be shared, misused and disclosed without their consent,” thus chilling their access to lawful abortion care. Responding to this heightened fear, the rule was intended to “bolster patient-provider confidentiality and help promote trust and open communication between individuals and their health care providers or health plans, which are essential for high-quality health care.”
Not surprisingly, the Reproductive Privacy Rule was fiercely opposed during the public comment period by abortion opponents. Notably, attorneys general from 19 abortion-hostile states sent a formal letter to Becerra condemning the rule as a blatant attempt by the Biden administration to “wrest control over abortion back from the people and their elected representatives” through interfering with the ability of states “to obtain evidence that could reveal violations of their laws.”
Since its issuance, the Reproductive Privacy Rule has come under attack in three separate lawsuits by parties who deride it as a nefarious and illegitimate “political[ly] driven” response by the Biden administration to the Dobbs decision.
- The first case was filed by Texas Attorney General Ken Paxton on behalf of the state.
- The second was filed by the right-wing legal powerhouse the Alliance Defending Freedom on behalf of Texas physician Dr. Carmen Purl, owner of Dr. Purl’s Fast Care Walk In Clinic.
- Most recently, 15 state attorneys general filed a lawsuit in Tennessee on behalf of their respective abortion ban or restrictive state.
Declaring that the rule exceeds the scope of HHS’s rulemaking authority, the lawsuits seek to have it permanently enjoined.
In attacking a federal rule that facilitates cross-border abortion care, these cases are part and parcel of a concerted effort by antiabortion activists to dismantle existing national protections for sexual and reproductive health. Other examples include challenges to the FDA’s approval of the abortion pill mifepristone and its subsequent dropping of the in-person dispensation rule, and the refusal of some abortion ban states to comply with EMTALA’s requirement that hospitals must provide abortion care when it is the necessary stabilizing treatment in a medical emergency.
At the core of the challenges to the Reproductive Privacy Rule is the claim that it represents a blatant effort “to obstruct States’ ability to enforce their own laws on abortion and other laws that HHS deems to fall under the rubric of ‘reproductive health care.'” A companion claim is that the rule obstructs their ability to request records that “fall under the rubric of ‘reproductive health care'” when the records are needed to investigate other kinds of wrongdoing such as “Medicaid billing fraud, child and elder abuse, and insurance-related malfeasance.”
When it comes to the reporting of child abuse, Dr. Purl of Dumas, Texas, bemoans the exclusion of the “unborn” from the definition of “person” in the Reproductive Privacy Rule. Proclaiming that a pregnant person and their unborn child are “entitled to …the protection of state and federal law,” she slams the rule for ostensibly interfering with her legal obligation under Texas law to report the suspected abuse or neglect of a fetus, presumptively including when it is a “victim” of the abortion.
It remains to be seen how the Trump administration will respond to the multi-state suit. But in a hard-hitting response to the lawsuits filed by both by Texas and Purl, the Biden administration made clear that the Reproductive Privacy Rule was “a lawful exercise of [HSS’] statutory authority to revise its standards for the privacy of protected health information” in response to the Dobbs decision. As argued, the enhanced privacy protections for reproductive healthcare became a critical necessity in this legal landscape to ensure sensitive medical information was not “disclosed in ways that cause harm to the interests that HIPAA seeks to protect, including the trust of individuals in health care” as the result of law enforcement activities by an abortion-hostile state (or by a state hostile to gender-affirming care.)
Short shrift was also made of the vociferous objection that the Reproductive Privacy Rule interfered with the obligation to investigate wrongdoing, such as Medicaid fraud or to report child abuse or neglect, if arising in the context of protected reproductive healthcare. As the Biden administration explained, the rule “applies only to disclosures aimed at investigating or imposing liability for the mere act of seeking or facilitating lawful reproductive health care… and in no way ‘limit[s] the authority, power, or procedures established under any law providing for the reporting of disease or injury, child abuse, birth, or death, public health surveillance, or public health investigation or intervention.””
Of great concern, the baton of defending the Reproductive Privacy Rule has since been passed to an administration that is presided over by a man who has boasted being “the most pro-life president in U.S history.”
Grounded in the fear that the “federal government will likely cease defending” the rule, Doctors for America and the cities of Columbus, Ohio and Madison, Wis., are seeking to intervene as parties in both the Texas and the Purl cases. The proposed intervenors are being represented by Democracy Forward, a national legal organization that uses the law to “hold anti-democratic actors to account at the national level,” in conjunction with the Public Rights Project, which works to “close the gap between the law and the lived reality of marginalized communities.”
In addition to reinforcing the rule as “a lawful exercise of [HHS’] statutory authority,” they stress the vital importance of the rule in “maintaining and strengthening the provider-patient relationship by promoting trust between patients and providers” in the highly charged post-Roe legal ecosystem.
As argued, if, “patients believe their sensitive health information will be used by law enforcement … it endangers the very relationships that … health care providers work so hard to build.”
This concern is particularly pressing for the “historically marginalized populations” served by the Columbus and Madison public health departments due to “historical and current health care disparities … [that] can create damaging and chilling effects on individuals’ willingness to seek appropriate and lawful health care.”
As these threats to the Reproductive Privacy Rule play out in court, there are a few important caveats to keep in mind, as they may impact the privacy of your reproductive healthcare records or communications, as follows:
- The Reproductive Privacy Rule is only applicable if the abortion is legal where it occurs. This raises an important concern about its applicability in cases where pills are sent by a provider from an abortion telehealth shield state to an individual in an abortion-ban state.
- Despite what many people commonly assume, HIPAA is not applicable to personal healthcare information that is exchanged or searched for outside of the formal healthcare setting, such as by way of text message, social media posts, period tracking apps or through Googling. This means that you need to be vigilant when it comes to your protecting digital reproductive healthcare footprint.
- Separate and apart from what the courts do in these pending cases, HHS under Trump may well seek to promulgate new privacy regulations that jettison or substantially weaken existing privacy protections for reproductive healthcare.
