Federal guidance for Texas providers issued in wake of privacy concerns over abortion ruling


Boram Kim


Abortion providers in Texas received guidance on patient privacy on Wednesday in the face of potential criminal liability for service provisions.

The Department of Health and Human Services (HHS) outlined guidance that clarified the Privacy Rule of the Health Insurance Portability and Accountability Act (HIPAA).


Stay one step ahead. Join our email list for the latest news.



The rule guards a patient’s protected health information (PHI) from being used or disclosed beyond the authorized health care realm.

Texas providers are only obligated to disclose PHI to law enforcement officials under court order, and the information disclosed would only be specific to what is authorized in that order.

Providers are not required to disclose private medical information to third parties under any other circumstances.

“How you access health care should not make you a target for discrimination. HHS stands with patients and providers in protecting HIPAA privacy rights and reproductive health care information,” said HHS Secretary Xavier Becerra in a statement.

“Anyone who believes their privacy rights have been violated can file a complaint with OCR (Office for Civil Rights) as we are making this an enforcement priority. Today’s action is part of my commitment to President Biden to protect access to health care, including abortion care and other forms of sexual and reproductive health care.”

HHS also clarified what consumer information is protected—and what isn’t—when using menstruation trackers and other health information apps on smartphones.

Texas women are being advised to protect their health information held on smartphones such as data entered into health apps, internet search history, and geolocation data. 

HIPAA privacy, security, and breach notification rules do not protect the privacy or security of individuals’ health information when they access or store their information on personal digital hardware and software.

Officials advise consumers to turn off location services on smartphones and tablets and to use apps that put an increased focus on privacy and security.

Concerns over privacy protections were raised after Texas Attorney General Ken Paxton said last week that “abortion providers could be criminally liable for providing abortions” under a 1925 state ban predating Roe vs. Wade when a trigger law takes effect in 2 months.

The ACLU of Texas, representing a coalition of abortion providers in the state, filed a lawsuit in district court on Monday against Paxton, arguing that the 1925 statute, which had been off the books and unenforceable for decades, should be invalidated.

The suit claims the state’s trigger laws would be inconsistent with the 1925 law, creating complications surrounding due process.

On Tuesday, Judge Christine Weems issued a temporary restraining order on the enforcement of the nearly century-old ban, which allows Texas abortion clinics, for the time being, to continue providing services to women who are up to 6 weeks pregnant.