A hot topic in U.S. healthcare today is the Supreme Court of the United States (SCOTUS) decision to overturn Roe v. Wade. Since the landmark case formerly had guaranteed the constitutional right to abortion nationwide for nearly 50 years, this significant change in public policy has undeniably impacted healthcare professionals.

Questions of legality, liability and patient responsibility arose in the wake of state trigger laws that changed abortion access overnight. The decision affected healthcare entities in every state – not only those limiting access to the procedure but also those that expect to manage a new influx of out-of-state patients. Conversations began almost immediately about more legislative changes still to come. In the turmoil, many have begun looking ahead toward future policy changes that may potentially include the criminal prosecution of individuals seeking abortions in neighboring states.


The BIG question on everyone’s mind in the healthcare world is: “What can I legally disclose?” The only thing we know for sure is that this situation will continue to evolve over the coming years. That said, it is extremely important, from both healthcare provider and risk management perspectives, to be considering this vital question now. Even though we know circumstances already vary greatly from state to state and will only continue to shift further, it’s a good idea to get re-familiarized with the formal basics of patient privacy. When doing so, it’s also helpful to imagine these applicable questions and possible future scenarios within the context of your unique, field-specific situations, as well as reconsider specific ways in which you might protect yourself, your organization and your patients moving forward.


The Health Insurance Portability and Accountability Act of 1996 (HIPAA) deserves some extra attention in a post-Roe America. Most of us feel that our health information should be protected and that we should have both access to our personal records and control over who sees them. In a nutshell, HIPAA gives you rights over your health information, creates national standards to protect sensitive information and sets rules for healthcare providers and insurance companies. The Department of Health and Human Services (HHS) and the Offices for Civil Rights (OCR) administer and enforce the rules, making sure that health information is protected while allowing the proper flow of information needed to provide high-quality healthcare.

One specific rule, known as the Privacy Rule, sets rules and limits on who view and receive protected health information; these are considered “covered entities” and include healthcare providers who use electronic transactions and records, health plans and healthcare clearinghouses. Generally speaking, when it comes to law enforcement, there are some circumstances under HIPAA in which these covered entities are permitted to disclose protected health information, but that does not necessarily mean that they are required to do so.

A good team of resources, ranging from healthcare providers, risk managers and legal entities, will help discern what is needed on a case-by-case basis. While some situations clearly need law enforcement involvement (for instance in the case of a gunshot wound), other circumstances may be more nuanced. From a risk management perspective, this means that professional judgment, policy and ethical principles play a significant role in navigating the realms of both privacy protection and legal compliance.


In the wake of the SCOTUS decision to overturn Roe v. Wade, the HHS provided new guidance for healthcare providers and others in the industry that offers a bit of clarity on what is generally considered permitted versus required under HIPAA, with examples of potential scenarios that helpfully contextualize the information. Considering these scenarios within the framework of your own organization may help you to form new best practices moving forward so that you can keep yourself, your organization, your clients and your patients protected. Click here to read more about the HHS’ new guidance.

A HIPAA infraction can have serious financial, professional, and potentially criminal consequences if someone deliberately obtains and/or discloses someone else’s protected health information. So, where do we go from here? With so many questions looming about the future of healthcare in the U.S., perhaps the best thing we can do right now is to remain vigilant by:

  • Asking the right questions to get closer to solutions
  • Making HIPAA a priority by training and retraining staff
  • Consulting the right experts to help navigate the changing times

This complex situation is still changing day by day, with simple, straightforward solutions feeling out of reach. It is clear to see that attention to detail and subtleties are going to be great tools for determining the best ways to prepare for the future. Whether you are a new or experienced risk manager or a healthcare provider, the Napa River team is here to help you. Contact us to find out how we can offer a clear path to those solutions by offering a personalized plan that will allow your organization to Move Forward Fearlessly.


Dedicated and available team members are ready to help you.

Jose L. Guzman, Jr.

Vice President & Director, Risk Management

Email Jose

Rebecca Weber, JD

Vice President & Chief Claims Officer

Email Rebecca

Bonnie Katubig

Healthcare Claims Manager

Email Bonnie

Francine A. Thomas

Assistant Vice President & Risk Manager

Email Francine

Suzanne Shields