The Dobbs Decision: How Dobbs v. Jackson Women’s Health Organization Affects Group Health Plans 4/4

July 28, 2022

As a result of the Supreme Court’s decision in the Dobbs case (Dobbs v. Jackson Women's Health Organization ), many employers, employees, and health care providers have questions concerning a patient’s right to privacy. Access to comprehensive reproductive health care services, including abortion services, is essential to individual health and well-being. The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule supports such access by giving individual confidence that their protected health information (PHI), including information relating to abortion services, will be kept private.

The Office for Civil Rights (OCR) establishes requirements with respect to the use, disclosure, and protection of PHI by covered entities (health plans, health care clearinghouses, and most health care providers) as well as their business associates. These entities can use or disclose PHI, without an individual’s signed authorization, only as expressly permitted or required by the Privacy Rule.

There are certain scenarios where the disclosure of PHI to law enforcement agencies keeps an individual’s privacy in the forefront, so the guidance regarding the disclosure is narrow in focus.

Example: An individual goes to a hospital emergency department while experiencing complications related to a miscarriage during the tenth week of pregnancy. A hospital workforce member suspects the individual of having taken medication to end their pregnancy. State or other law prohibits abortion services after six weeks of pregnancy but does not require the hospital to report individuals to law enforcement. Where state law does not expressly require such reporting, the Privacy Rule would not permit a disclosure to law enforcement under the “required by law” permission.


Example: A pregnant individual in a state that bans abortion services informs their health care provider that they intend to seek out abortion services in another state where it is legal. The provider wants to report the statement to law enforcement to attempt to prevent the abortion services from taking place. The Privacy Rule would not permit this disclosure of PHI to law enforcement for these reasons:

As recently as July 7, 2022, a couple of senators sent a letter to HHS requesting an update of the HIPAA Privacy Rule. The goal is to seek clarification as to the definition of a “covered entity” and to limit the information shared by that entity.

We strongly recommend that any covered entity looking to disclose any information should seek legal counsel.

For more information, please contact

844-iGuy-Help Contact iGuy