Protecting The Privacy of Reproductive Health Information Post-Dobbs

This post-Dobbs summary of Federal and California Health Privacy Laws and Recommendations to Expand Protection* is written by Andrea Frey, JD, MPH, senior counsel, Hooper, Lundy & Bookman, P.C.; Kerry K. Sakimoto, JD, associate, Hooper, Lundy & Bookman, P.C.; and Robby Franceschini, JD, MPH, managing director, BluePath Health.

On June 24, 2022, the Supreme Court released its decision in Dobbs v. Jackson Women’s Health Organization, overturning Roe v. Wade and the constitutional right to an abortion. The decision authorizes state legislatures to regulate abortion, leading states to enact a patchwork of laws that span the spectrum of prohibiting to enhancing access to abortion and related reproductive health services. 

The summary notes that, in an effort to enforce restrictive laws, state prosecutors and law enforcement agencies will likely turn to patient medical records and related health care information in the search for evidence of potential civil and criminal violations, raising questions around whether existing health information privacy laws sufficiently protect both patients and health care providers. 

Although federal and state health privacy laws provide broad protection for patients regarding when and how their providers may use and share medical information, these laws are far from an absolute protection and often limited in their application, they write. 

These limitations could have significant implications for patient-provider confidentiality and the delivery of health care, particularly if patients think that their health information, including protected health information (PHI), is no longer secure and hesitate to seek necessary reproductive health services. And for those who do, their reproductive health information could be used for prosecutions in states where abortion is not legally available, according to the writers of this summary.

This fact sheet provides an overview of federal and California legal protections governing the privacy of reproductive health information post-Dobbs, the impact of data sharing obligations on such privacy laws, and what policy options may be leveraged to enhance protection of individuals’ medical information in California.

An overview of the topics covered in the fact sheet: 

  • Protection of Patient Reproductive Health Information under the Health Insurance Portability and Accountability Act (HIPAA)
    • Disclosures required by law
    • Disclosures for law enforcement purposes
    • Disclosures to avert a serious threat to health or safety
  • Limitations of HIPAA
    • Permissive disclosures
    • Limited applicability
  • California’s Confidentiality of Medical Information Act
  • California Constitutional Right to Privacy 
  • New State Legislative Privacy Measures: AB 2091 and AB 1242 
  • Impact of Federal and State Data-Sharing Obligations  
  • Office of Office of the National Coordinator for Health IT (ONC) Information Blocking Rule 
  • California’s New Data Exchange Framework (DxF)
  • Options to Enhance Legal Protections for Reproductive Health Information
    • Federal-level legislative and regulatory measures
      • HIPAA Privacy Rule amendments
      • Limits to allowable disclosures
      • Information Blocking Rule amendments
      • Technical assistance and compliance guidance
  • California-Level Legislative and Regulatory Measures:
    • Limits to allowable disclosures
    • Technical assistance and compliance guidance

*The information, statements and recommendations in this fact sheet are general in nature, do not constitute legal advice, and should not be used as a substitute for obtaining competent legal counsel. Readers should be aware that the laws, rules, and regulatory guidance are subject to change. Please contact legal counsel for any specific legal advice. Note also that this fact sheet does not provide a comprehensive overview of all applicable federal and state laws and requirements.