The Columbus City Attorney is seeking to participate in two federal lawsuits in Texas to uphold HIPAA privacy laws that protect patient healthcare information.
The Columbus, Ohio City Attorney’s Office seeks to intervene in two lawsuits filed in Texas federal court, aiming to protect patient healthcare information privacy laws. The lawsuits, initiated by the State of Texas and a Texas-based medical provider, challenge the enforcement of two Health Insurance Portability and Accountability Act (HIPAA) provisions established in 2000 and strengthened by the Biden administration in 2024. The City of Columbus wants to join the cases as a defendant to defend these laws, which broadly safeguard patient healthcare information from public disclosure.
The move comes amid the U.S. government's transition from President Joe Biden to President Donald Trump, a shift suspected to bring changes to federal healthcare regulations, including those tied to abortion rights and patient privacy.
Read also: Summary: Biden-Harris rule supporting reproductive health care privacy
In September 2024, Texas Attorney General Ken Paxton filed a complaint in federal district court against HHS and the Office for Civil Rights (OCR), challenging the HIPAA Privacy Rule to Support Reproductive Health Care Privacy (Final Rule). Texas argued that the Final Rule is unlawful and seeks to vacate it. The state is one of several U.S. states that prohibits abortion with limited exceptions for the life and health of the pregnant patient, subjecting those in violation to criminal and civil penalties. Texas made four legal arguments against the two regulations: Congress preserved State investigative authority within the HIPAA statute; the HIPAA statute does not give OCR authority to promulgate rules that limit how covered entities may share information with states; the regulations have harmed the state; and the regulations are arbitrary and capricious under the Administrative Procedure Act.
The HIPAA provisions at the center of these lawsuits are key to safeguarding patients’ medical information. The 2000 law laid the foundation for healthcare privacy by protecting patient data from public disclosure, while the 2024 rule added further protections, particularly for sensitive areas like reproductive health care.
Texas Attorney General Ken Paxton’s lawsuit challenges the enforcement of these provisions, partly to support the state’s strict abortion ban. Texas law allows private citizens to file lawsuits against those assisting with abortions, incentivizing them with cash rewards or "bounties." However, HIPAA makes it difficult to obtain the medical records needed to prove such cases, leading Paxton to argue against the privacy protections.
Other states, including Idaho and Oklahoma, have adopted similar bounty-style enforcement mechanisms, intensifying the stakes for healthcare privacy.
According to WOSU public media, City Attorney Klein said, “No matter your politics, we should all agree that protecting a patient’s medical information should be a top priority. Patients who seek care should have the assurance that their interaction with a healthcare provider remains confidential.”
Klein warned of the consequences of rolling back privacy protections, saying, “Without them, anyone’s personal health data could then be accessible by employers or those who want to prosecute lawful medical care. That’s just not right.”
Columbus Health Commissioner Dr. Mysheika Roberts echoed these concerns, highlighting the impact on public health services.
“Patient privacy laws are not political. They are in place to give patients control over their own personal health information and how it can be shared, which is critical to building trust and getting the healthcare services they need, when they need them," Roberts said.
The outcome of these lawsuits could set a precedent with far-reaching implications for healthcare privacy across the United States. The Columbus City Attorney’s Office argues that dismantling HIPAA protections would jeopardize patient trust and hinder public health efforts in cities like Columbus, which provides direct medical services to over 10,000 patients annually.
These services include immunizations, reproductive care, HIV treatment, and healthcare for new mothers. Klein stressed how confidentiality ensures access to essential healthcare, particularly for sensitive services like abortion care, contraception, and sexual health.
See also: HIPAA Compliant Email: The Definitive Guide
The Privacy Rule establishes standards for the protection of personal health information (PHI). It gives patients rights over their health data, including the right to access their records, request corrections, and restrict sharing of information.
Go deeper: What is the HIPAA Privacy Rule?
HIPAA ensures the confidentiality of health records, including those related to abortion and reproductive care. This can protect patients from legal action in states with restrictive abortion laws.
Read also: Reproductive health: Rules, rights and compliance
Reproductive healthcare includes contraception, prenatal care, fertility treatments, abortion services, sexual health screenings (e.g., STIs and HIV testing), cancer screenings (e.g., cervical and breast), and menopausal care.