Beginning Dec. 23, 2024, covered entities and their business associates must comply with stricter HIPAA privacy protections for reproductive health care. These new protections prohibit regulated entities from using or disclosing protected health information (PHI) related to lawful reproductive health care:
- For a criminal, civil or administrative investigation into (or proceeding against) a person in connection with reproductive health care; or
- To identify an individual, health care provider or other person for purposes related to such an investigation or proceeding.
In addition, regulated entities must obtain a valid attestation when a request is made to use or disclose PHI potentially related to reproductive health care for certain purposes to ensure that the use or disclosure is permissible.
Action Steps
Employers with self-insured health plans and employers with fully insured health plans that have access to PHI (other than certain limited types) should update their HIPAA policies and train affected members of their workforce on the new restrictions for PHI related to reproductive health care. Although the new privacy protections do not specifically require updates to business associate agreements, employers should review the terms of their agreements to determine if updates should be made. In addition, the U.S. Department of Health and Human Services has provided a model attestation form that employer-sponsored health plans may use to ensure a requested use or disclosure of PHI complies with the new privacy protections. Health plans must also update their HIPAA privacy notices for the new privacy protections, although they have until Feb. 16, 2026, to make these updates.
Related Blogs
Gag Clause Prohibition and Attestation Requirement
Effective in 2020, the Consolidated Appropriations Act, 2021 (CAA) prohibits health plans and health insurance issuers from entering into contracts with health care providers, ...
Read More
HHS Releases Hardship Exemption Guidance for Catastrophic Coverage
On Sept. 4, 2025, the U.S. Department of Health and Human Services (HHS) issued guidance describing circumstances under which individuals who are enrolling in ...
Read More
WHAT LOOKS LIKE A PHARMACY BENEFIT SOMETIMES ISN’T: THE J-CODE CONUNDRUM
From what I’ve seen, more than three quarters of employers are facing at least one J-code issue. And because medically administered and infused drugs ...
Read More
Keeping Up with Compliance Quarterly—Q3 2025
Keeping up with compliance developments can be difficult and time-consuming. This quarterly update highlights recent legal developments to help your organization stay on top ...
Read More
Small Changes, Big Impact: Low-Cost Ways to Support Employees through Inflation
As inflation headlines re-emerge, many employers are contemplating shifts in their remote and hybrid work policies. Organizations are working hard to balance two competing ...
Read More
DOL Issues Updated Model Employer CHIP Notice
The U.S. Department of Labor (DOL), through its Employee Benefits Security Administration (EBSA), has released a new model Employer CHIP Notice with information current ...
Read More