Senators Ask HHS to Update HIPAA Privacy Rule, Defend Reproductive Rights

July 07, 2022 - US Senators Michael Bennet (D-CO) and Catherine Cortez Masto (D-NV) asked HHS to consider updating the HIPAA Privacy Rule to better defend reproductive rights in a recent letter.

The Supreme Court’s decision to overturn Roe v. Wade has raised significant data and patient privacy concerns in recent weeks, prompting the HHS Office for Civil Rights (OCR) to release guidance on patient privacy and rights under the HIPAA Privacy Rule.

“When HIPAA was signed into law in 1996, Roe v. Wade had upheld the right to an abortion for over two decades,” the letter stated.

“When the HIPAA Privacy Rule was issued in 2000, it would have been unimaginable that the Supreme Court would strip away this fundamental right more than 20 years later.”

The Senators expressed their appreciation for OCR’s guidance, which explained how HIPAA protects medical information relating to abortion care and the extent to which that information is protected on personal cell phones and tablets. However, the Senators reasoned that HHS could provide even more clarity on the HIPAA Privacy Rule’s reach and limitations.

“We urge HHS to immediately begin the process to update the Privacy Rule, following all requirements under the Administrative Procedure Act, to clarify who is a covered entity and to limit when that entity can share information on abortion or other reproductive health services,” the letter continued.

Senators Bennet and Cortez Masto urged HHS to update HIPAA to determine that reproductive health information cannot be shared with law enforcement agencies targeting individuals for having an abortion and that Pregnancy Care Centers are also required to follow the HIPAA Privacy Rule.

“The decision to start or expand a family is intensely personal and private. When patients speak with their providers about options for contraceptives, the progression of their pregnancy, or their choices to terminate a pregnancy, they expect those conversations to remain confidential,” the letter concluded.

“The individual liberty to make those decisions, and the conversations surrounding them, must be protected.”

In other recent data privacy news, Google recently announced plans to heighten its data privacy practices and said it would delete location history when users visit abortion clinics, domestic violence shelters, fertility centers, weight loss clinics, addiction treatment centers, and other facilities.

The announcement came a month after a group of 40 Congressional Democrats sent a letter to Google asking it to stop collecting and retaining location information, which they said could be used by prosecutors to identify people obtaining abortions. 

Additionally, a group of US Senators introduced the Health and Location Data Protection Act just days before the Supreme Court’s ruling, which would ban data brokers from selling location and health data.

As privacy concerns grow following the Supreme Court’s decision, regulators, providers, and tech companies will be forced to adapt and pivot their strategies to maintain data privacy.