The US Supreme Court’s June 2022 decision in Dobbs v. Jackson Women's Health Organization, which overturned Roe v. Wade and held that the U.S. Constitution does not confer a right to abortion, has created significant confusion and uncertainty for businesses operating and investing in the healthcare industry.
Impacted organizations include life sciences companies and their strategic partners and investors who focus on products such as pharmaceuticals, medical devices, and diagnostic tests; healthcare service providers such as hospitals, abortion clinics, primary care providers, fertility clinics, and physician practice groups; and digital health companies, telemedicine and tele-counseling providers, and other emerging industry platforms. The aftershocks are being felt across the industry.
The legal and enforcement landscape is complex and remains in flux. It will continue to evolve rapidly as a result of legislative activity, judicial challenges, and the outcome of the upcoming midterm elections. It is therefore critical to understand the key federal guidance that has been issued since the Dobbs decision and to appreciate the ongoing challenges in reconciling federal and state regulations.
Dobbs raises many questions
Following Dobbs, there is likely to be conflict among the agencies that enforce federal laws and some agencies that enforce current and future state laws affecting reproductive rights. The conflict will raise many questions, including the following:
- What is the definition of personhood, property ownership rights, and human reproductive tissue?
- Does the definition of pregnancy include eggs that are fertilized via IVF or fertilized embryos in cryostasis?
- How does the law define termination? Does termination include pharmaceuticals or other products used to terminate pregnancy or treat conditions associated with miscarriage?
- When does stabilizing treatment become emergent treatment?
How these questions are answered will have significant consequences for the health and wellness industry. Healthcare providers could lose their licenses or permits to practice, including state board certifications. They could also face criminal and civil fines and penalties. Drug companies could lose their state distribution and wholesale licenses. Digital health companies may have to turn over private patient data stored on their apps, which could significantly affect their businesses. And some stakeholders could be excluded from Medicare which would be financially devastating for many providers who depend on government reimbursement.
In the wake of Dobbs, the federal government has sought to reassert its authority to provide safeguards and guarantee protections, including in relation to data privacy and the right to health services.
Data privacy protections
The US Department of Health and Human Services (HHS) understands the significance of personal health data, and is clearly expecting ongoing conflicts between state prosecutors seeking to enforce restrictive state abortion laws and federal authorities. Since the Dobbs decision, HHS has been issuing guidance and reminders to its stakeholders (providers, patients, and pharmacies) about their obligations under federal law. Following Dobbs, HHS’s first guidance focused on when an entity must disclose protected health information under the Health Insurance Portability and Accountability Act (HIPAA).
HIPAA has privacy and security rules designed to protect health information that is transmitted, maintained, stored, or disclosed by covered entities. Under HIPAA, these covered entities include health plans, health providers, and healthcare clearing houses and business associates — companies and individuals that perform services on behalf of covered entities. There are, of course, exceptions to the HIPAA privacy rules. Most notably, a covered entity or business associate can only use or disclose protected health information if it has a patient’s signed authorization to do so. Without patient authorization, disclosure needs fall under one of the permissive exceptions to HIPAA.
The exceptions to the HIPAA privacy rules that HHS emphasized in its guidance are disclosures (i) required by law, (ii) for law enforcement purposes, and (iii) to prevent a serious threat to health or safety. HHS reminded its stakeholders that these are permissive disclosures and not required disclosures. In other words, stakeholders can respond to a subpoena under HIPAA under specific circumstances set forth by HHS; however, providers do not have to respond to that subpoena under HIPAA.
HIPAA generally will not apply to data stored on third-party digital health apps. However, following Dobbs, there was widespread confusion about the protections that HIPAA provides for health data stored on third-party apps such as period trackers, which led to significant user misunderstandings about digital health and wellness apps and “data dumping.” To address this confusion, HHS released guidance for patients and the public more broadly to remind individuals about the steps that they can take to protect the personal health information that they may have shared with digital health apps.
Obligations to provide health services
Another important release from HHS following Dobbs came from the agency’s Centers for Medicare & Medicaid Services, which issued guidance to help healthcare providers reaffirm their obligations under the Emergency Medical Treatment and Labor Act (EMTALA). Under EMTALA, any individual that presents to a hospital emergency room for care must be stabilized and treated or transferred to another facility for treatment, regardless of their ability to pay for their care. Therefore, under EMTALA, pregnant patients or patients dealing with complications associated with pregnancy or miscarriage who present to an emergency room for care must be stabilized and/or transferred, as determined in the treating physician’s personal medical judgment.
Many emergency room providers and healthcare systems are concerned that EMTALA will require them to provide stabilizing care that includes abortion in states where it is illegal to provide abortion services. Federal laws, including EMTALA, trump state laws, including state abortion laws. However, even though EMTALA preempts state laws, many providers who need to make life-saving clinical decisions in emergent situations continue to be concerned about the risk of violating state laws that have criminal penalties.
The HHS’s Office of Civil Rights (OCR), which enforces HIPAA, also released guidance in July 2022 directed at retail pharmacies, reminding them that refusing to distribute a pharmaceutical product to a patient dealing with pregnancy or miscarriage complications would be considered discrimination under HHS civil rights laws. In addition, OCR sent a letter to health insurers reminding them that they have an obligation under the Affordable Care Act (ACA) to provide coverage for contraceptive care, which is one of the many preventive care services covered by the ACA’s mandate.
We are just beginning to understand Dobbs’ implications
The Biden Administration issued an Executive Order (“Protecting Access to Reproductive Healthcare Services”) shortly after the Dobbs decision was released. While not containing the detailed guidance and instruction of the subsequent HHS releases, the Executive Order did specifically list goals of safeguarding access to abortion, protecting privacy, promoting patient and provider safety and security, and coordinating federal efforts to protect reproductive rights. The Executive Order also underscores for stakeholders in the healthcare industry – whether insurers, providers, manufacturers, or patients – that HHS is looking closely at Dobbs and its far-reaching implications for the industry.