HIPAA and Reproductive Health

Per a court order, HHS is required to restore this website as of [February 11, 2025 at 11:59 p.m]. Any information on this page promoting gender ideology is extremely inaccurate and disconnected from the immutable biological reality that there are two sexes, male and female. The Trump Administration rejects gender ideology and condemns the harms it causes to children, by promoting their chemical and surgical mutilation, and to women, by depriving them of their dignity, safety, well-being, and opportunities. This page does not reflect biological reality and therefore the Administration and this Department rejects it.

On June 18, 2025, the U.S. District Court for the Northern District of Texas issued an order declaring unlawful and vacating most of the HIPAA Privacy Rule to Support Reproductive Health Care Privacy at 89 Federal Register 32976 (April 26, 2024). With regard to the modifications to the HIPAA Privacy Rule Notice of Privacy Practices (NPP) requirements at 45 CFR 164.520, the court vacated only the provisions that were deemed unlawful, namely 164.520(b)(1)(ii)(F), (G), and (H). The remaining modifications to the NPP requirements are undisturbed and remain in effect, see Carmen Purl, et al. v. U.S. Department of Health and Human Services, et al., No. 2:24-cv-00228-Z (N.D. Tex. June 18, 2025). Compliance with the remaining NPP modifications is required by February 16, 2026. HHS will determine next steps after a thorough review of the court’s decision.

Final Rule HIPAA Privacy Rule to Support Reproductive Health Care Privacy

On April 22, 2024, OCR issued a Final Rule, entitled HIPAA Privacy Rule to Support Reproductive Health Care Privacy. The Final Rule strengthens the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule by prohibiting the disclosure of protected health information related to lawful reproductive health care in certain circumstances. HHS issued this Final Rule after hearing from communities that changes were needed to better protect patient confidentiality and prevent medical records from being used against people for providing or obtaining lawful reproductive health care. This Final Rule bolsters patient-provider confidentiality and helps promote trust and open communication between individuals and their health care providers or health plans, which is essential for high-quality health care.

Press Release

To read the Fact Sheet (en español)

Director’s message on YouTube (en español)

Director’s Message on Attestation Compliance (December 23, 2024)

Social Media Toolkit: HIPAA Privacy Rule to Support Reproductive Health Care Privacy | en español

June 20, 2024, Presentation on Final Rule (Webinar)

June 20, 2024, Presentation on Final Rule (Slides)

For HIPAA Covered Entities or Business Associates: Model Attestation for a Requested Use or Disclosure of Protected Health Information Potentially Related to Reproductive Health Care

Guidance on the HIPAA Privacy Rule and Disclosures of Information Relating to Reproductive Health Care

OCR issued guidance explaining how the Privacy Rule permissions for disclosing PHI without an individual’s authorization for purposes not related to health care, such as disclosures to law enforcement officials, are narrowly tailored to protect the individual’s privacy and support their access to health care, including abortion care. This Guidance:

  • Reminds HIPAA covered entities and business associates that they can use and disclose PHI, without an individual’s signed authorization, only as expressly permitted or required by the Privacy Rule.
  • Explains the Privacy Rule’s restrictions on disclosures of PHI when required by law, for law enforcement purposes, and to avert a serious threat to health or safety.
  • Read the Guidance

Protecting the Privacy and Security of Your Health Information When Using Your Personal Cell Phone or Tablet

OCR issued guidance for individuals about protecting the privacy and security of their health information when using their personal cell phone or tablet. This guidance explains that, in most cases, the HIPAA Privacy, Security, and Breach Notification Rules do not protect the privacy or security of individuals’ health information when they access or store the information on personal cell phones or tablets. This guidance also provides tips about steps an individual can take to decrease how their cell phone or tablet collects and shares their health and other personal information without the individual’s knowledge. This Guidance:

  • Explains how to turn off the location services on Apple and Android devices.
  • Identifies best practices for selecting apps, browsers, and search engines that are recognized as supporting increased privacy and security.
  • Read the guidance
Content created by Office for Civil Rights (OCR)
Content last reviewed