How Does The Dobbs Ruling Impact HIPAA-Covered Entities?

The Dobbs ruling sent shockwaves across the United States and the rest of the world, sparking widespread protests and high-profile condemnation of what many people see as a fundamental breach of a women’s right to have an abortion. Instead, the decision gave individual states the full power to regulate abortion laws.

Unfortunately, many states have enacted and revived statutes restricting women’s access to abortion services. The New York Times recently confirmed that ten states, primarily located in the deep south and mid-United States, have enacted a complete ban. Other states have introduced limited restrictions on the baby’s gestational period; thankfully, many larger states like California continue to declare abortion legal.

HIPAA compliance adds a significant twist to the complexity and legal challenges of the Dobbs ruling. The Dobbs ruling requires state officials to obtain information about abortion-related health services. The Privacy Act, part of HIPAA compliance, explicitly protects the patient in this circumstance as this data can only be shared when expressly permitted by the individual.

Join us as we discover this controversial ruling’s unique complexity and learn how HIPAA legislation is trying to protect women’s rights. It doesn’t matter what side of the fence you sit on; this judgment is vitally important to the fundamental rights of all U.S. citizens.

What Is the Dobbs Ruling?

To comprehend the significance of this ruling, we need to go back to 1973, when a landmark decision was passed in the Roe V. Wade case. It enacted and ruled that the Constitution of the United States conferred the right of women to have an abortion.

Fast forward to March 2018, when this ruling was challenged by the Dobbs v. Jackson Women’s Health Organization. It took four years for the Supreme Court to deliberate, but on 24th June 2022, the Supreme Court overturned Roe v. Wade and revoked the constitutional right to abortion.

This dramatic U-turn overturned nearly 50 years of precedent. Some have suggested it is the only time in history when the Supreme Court removed a fundamental human right. Condemnation has been led by President Biden, with European leaders calling it a “huge backward step” for women’s rights.

What Are the Official HIPAA Guidelines for the Dobbs Ruling?

There are a lot of unknowns about understanding how HIPAA compliance will affect the Dobbs ruling. Patients cannot hide behind HIPAA anonymity, but HIPAA can provide limited protections. We will be in a better position after the summer when local states confirm their position on abortion.

The U.S. Department of Health and Human Services (HHS) reacted quickly to the ruling. The HHS, which governs the rules and enforcement of HIPAA compliance, promptly reminded everyone that “The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule supports such access by giving individuals confidence that their protected health information (PHI) including information relating to abortion and other sexual and reproductive health care, will be kept private.”

Unfortunately, some caveats relate to disclosure to law enforcement or state officials. HIPAA requires that any data released to the public is anonymized. Therefore, nothing identifiable should exist, not even in the state county the abortion took place. However, supposing a warrant or subpoena is granted, the covered entity has a legal obligation to release PHI because HIPAA applies to the covered entity and business associate –  it does not apply directly to individuals.

In the days after the Dobbs ruling, the HHS reiterated many existing provisions to protect women’s right to choose.

This included:

• Increased access to abortion medication and emergency contraceptives.
• Ensure patient privacy and nondiscrimination for patients and healthcare providers.
• Ensure that clinical judgment is supported in treating pregnant patients
• Ensure that all providers have training and resources to handle family planning needs.
• Take every legally available step to protect family planning care.

These distinctions draw a clear line when emphasizing when the disclosure of PHI is mandated versus permitted.

Implications of the Dobbs Ruling on the HIPAA Privacy Rule?

Over the coming months and years, there will be significant scrutiny of the disclosure, and consequences of privacy breaches, particularly for reproductive health information. As a result, federal guidance is expected to change, and covered entities must act now to understand how the changes will impact processing PHI.

• Covered entities should review their disclosure practices, ensuring that there is no breach of the HIPAA privacy rule when responding to the new requirements of the changes to state laws.
• Ensure transparency when collecting sensitive data, such as the number of abortions performed per state, so that federal privacy requirements are upheld.
• Published anonymized data should be scrutinized to ensure total anonymization is adhered to.

Conclusion

It’s evident that troubling times are ahead for women’s rights to an abortion in the United States, and there is a real chance that a post-code lottery will decide your rights. If you are in a deeply conservative state, your rights to an abortion may be blocked; likewise, if you reside in a liberal state, your rights will not be affected.

This creates an unfair playing field; unfortunately, HIPAA compliance is limited in protecting women’s rights. On the one hand, the privacy rule will block access to confidential, protected health information. On the other, if a court requests a warrant, the privacy rule becomes invalid as protected health information can be legally disclosed.

We haven’t heard the end of the Dobbs ruling, and there likely is much more to come in the following weeks and months that will clarify the position of the HHS, HIPAA, and State Law officials.