HHS Issues Notice of Proposed Rulemaking on Reproductive Health Care Privacy

April 18, 2023

The U.S. Department of Health & Human Services (HHS), Office for Civil Rights (OCR), recently issued a Notice of Proposed Rulemaking (NPRM) that would prohibit the use or disclosure of protected health information (PHI) to investigate and prosecute patients, providers, and others involved in the provision of reproductive health care. The proposed rule is intended to strengthen HIPAA’s Privacy Rule to protect patient-provider confidentiality and prevent private medical records from being used against people seeking or providing lawful reproductive health care.

The NPRM follows the Supreme Court’s decision in Dobbs v. Jackson Women’s Health Organization, which overturned its ruling in Roe v. Wade. After the Dobbs decision, President Biden signed Executive Order 14076, directing HHS to consider taking action to further protect sensitive reproductive health care information and patient-provider confidentiality. The proposed changes to HIPAA’s Privacy Rule would only apply where the disclosure is “primarily for the purpose” of investigating or imposing liability with respect to reproductive health care in states where such health care is lawful or protected by Federal law, regardless of whether the investigation or proceeding arises in the same or a different state. In all other situations, covered entities would still be permitted to use and disclose PHI as permitted by HIPAA.

OCR’s proposed rule would extend additional privacy protections for providers, insurers, patients, and others to safeguard PHI when that information otherwise would be disclosed or used to identify, investigate, sue, or prosecute someone for seeking, obtaining, providing, or facilitating lawful reproductive health care. Under the proposed rule, reproductive health care includes but is not limited to prenatal care, abortion, miscarriage management, infertility treatment, contraception use, and treatment for reproductive-related conditions such as ovarian cancer.

The NPRM, if finalized, would require covered entities to obtain attestations from those requesting reproductive health care information. Under the proposed rules, covered entities will be required to obtain signed attestations from the requestors of PHI related to reproductive health care for health oversight activities, for judicial and administrative proceedings, for law enforcement purposes, or to coroners and medical examiners before using or disclosing the PHI to the requesting party. The attestations must verify that the use or disclosure is not for a prohibited purpose. Where a covered entity determines that the attestation was materially false, it is required to terminate the use or disclosure of the PHI. Covered entities would also need to revise and redistribute their Notices of Privacy Practices to include information on prohibited uses and disclosures.

Covered entities should review the NPRM and submit comments on the proposal to HHS during the 60-day comment period. In the meantime, the current HIPAA Privacy Rule remains in effect, and the existing Privacy Rule permits, but does not require, certain disclosures to law enforcement and others, subject to specific conditions.

The views and opinions expressed in the article represent the view of the authors and not necessarily the official view of Clark Hill PLC. Nothing in this article constitutes professional legal advice nor is it intended to be a substitute for professional legal advice. 
