Hunton Andrews Kurth writes:
On June 18, 2025, the U.S. District Court for the Northern District of Texas vacated the HIPAA Privacy Rule to Support Reproductive Health Care Privacy (the “Final Rule”) issued by the U.S. Department of Health and Human Services (“HHS”) under the Biden Administration. The Final Rule had amended the HIPAA Privacy Rule to limit the circumstances in which protected health information (“PHI”) about reproductive health care could be used or disclosed for the purpose of (1) conducting a criminal, civil or administrative investigation into any person for seeking, obtaining, providing or facilitating lawful reproductive health care, or 2) identifying individuals in connection with such investigation.
U.S. District Court Judge Matthew J. Kacsmaryk ruled that HHS overstepped its authority in promulgating the Final Rule, citing constitutional concerns, the Dobbs v. Jackson Women’s Health Organization decision, and the major-questions doctrine, which limits agency authority on politically significant matters without clear Congressional approval.
Read more at Privacy & Information Security Law Blog.