Maybe the 26th anniversary (coming up on August 21, 2022) of the Health Insurance Portability and Accountability Act (HIPAA) isn’t as noteworthy a milestone year as last year’s 25th, but the act remains in the headlines in 2022. HIPAA, the cornerstone patient privacy law, limits the circumstances under which covered entities (health plans, health care clearinghouses, and most health care providers) may disclose protected health information (PHI). Without an individual’s signed authorization, these regulated entities can only disclose PHI as expressly permitted or required by the privacy rule. Recently, the U.S. Department of Health and Human Services (HHS) guidance addressed disclosures to law enforcement officials as state abortion laws are changing after the Dobbs v. Jackson Women’s Health Organization ruling (Dobbs). As with any new guidance, compliance may cause disruption to business operations, so HIPAA-covered entities will want to pay attention to requirements and timeframes identified.

HIPAA Privacy Updates in 2022, So Far

The HIPAA Privacy Rule is intended to support individuals’ access to health services and give individuals confidence that their PHI will be kept private. In 2022, HHS clarified how the privacy rule applies to PHI related to gender affirming care and reproductive health care.

  • In March, the HHS Office of Civil Rights (OCR) issued clarification titled, “Guidance on Gender Affirming Care, Civil Rights, and Patient Privacy” under Section 1557 of the Affordable Care Act and privacy rules under HIPAA. This reviews existing rules to prohibit discrimination on the basis of sexual orientation or gender identity in a health program or activity that receives financial assistance from HHS.
  • In June, in response to the Supreme Court’s ruling on Dobbs, HHS issued guidance titled “HIPAA Privacy Rule and Disclosures of Information Relating to Reproductive Health Care”. The HHS guidance:
    • Identifies when HIPAA permits disclosure of PHI without authorization
    • Reminds HIPAA-covered entities and business associates that they can use and disclose PHI, without an individual’s signed authorization, only as expressly permitted or required by HIPAA
    • Explains HIPAA’s restrictions on disclosures of PHI when required by law, for law enforcement purposes, and to avert a serious threat to health or safety.

How Are Plan Sponsors Affected by HIPAA Privacy Post-Dobbs?

For a fully insured plan regulated by state law, an insurer issuing coverage in the state would likely be prohibited from selling a plan in violation of state laws related to medical services for termination of pregnancy.  A self-funded plan governed by ERISA and ERISA would generally pre-empt state laws.  HIPAA could apply to various aspects of a health plan including medical travel benefits.

Regardless of the plan health funding status, plan sponsors should review their plans for the following:

  • Changes to state laws where they have operations
  • Plan documents
  • Data privacy policies and procedures
  • Travel and lodging benefits under EAPs or HRAs
  • Mental health parity considerations if changes are made to health benefits
  • Relocation benefits

Finally, additional guidances issued on reproductive health include an Executive Order (EO) released July 8, and FAQs addressing ACA preventive care and contraception in FAQ Part 54.  The EO asks HHS to consider further guidance under HIPAA to protect confidentiality and privacy related to reproductive healthcare.

Plan sponsors should continue to monitor any new HIPAA developments for implications to their plans. Stay tuned to the International Foundation for additional HIPAA-related guidance as its released.

Anne Newhouse, CEBS
Information/Research Specialist at the International Foundation of Employee Benefit Plans

Keep up with Word on Benefits:

Anne Newhouse

Information/Research Specialist at the International Foundation of Employee Benefit Plans Favorite Foundation Service: The Information Center! Members having the ability to have an information specialist research their topic is a great benefit. Favorite Foundation Moment: Attending the 2013 CEBS conferment ceremony in Boston as an official CEBS graduate. Benefits Related Topics That Interest Her Most: Benefit communication—helping employers understand what employees want and the way they want it communicated to them. Personal Insight: Anne may spend her days in the International Foundation employee benefits library, patiently researching answers to member questions—but after work, she’s ready to move with a bike, hike or walk in the great outdoors.

Recommended Posts

New Mental Health Parity Guidance: More Clarity, But More Compliance Obligations

Anne Newhouse

According to speaker John Barlament, Shareholder, Reinhart Boerner Van Deuren, S.C., in his webcast “New Mental Health Parity Guidance: More Clarity, But More Compliance Obligations,” held on August 30, 2023, new guidance has been “desperately needed” on the topic of mental health … Read more

Legal & Legislative Reporter: Medical Provider May Not Bring Claim on Behalf of Participants and Beneficiaries

Guest Contributor

Every month, the International Foundation releases the Legal and Legislative Reporter, a compilation of new employee benefits–related case summaries. Below is a summary we thought you’d be interested in. Content provided by Morgan, Lewis & Bockius LLP. The U.S. District Court for the … Read more

Five Steps to Nurture Belonging in the Workplace

Guest Contributor

Benefits Magazine Extras articles provide you with bonus content on a mix of benefits topics as well as deep dives and analyses on the latest benefit trends and compliance issues. Visit to see the latest Benefits Magazine Extras as well as the bimonthly print … Read more