A recent decision by the Missouri Court of Appeals for the Eastern District has clarified that the Health Insurance Portability and Accountability Act (HIPAA) does not unequivocally shield agencies from disclosing de-identified health information related to gender-affirming care. In the case concerning Planned Parenthood’s requirement to deliver documents on gender-affirming healthcare for youth, the appellate court overturned a previous ruling. This prior ruling had suggested that only the patient could authorize the release of their medical records.
The appellate decision emerged from the Missouri Attorney General Andrew Bailey’s civil investigative demand (CID), probing whether Planned Parenthood Great Rivers contravened Missouri’s consumer protection laws by offering gender-affirming services to minors. The three-judge panel determined that the sought-after information did not encompass protected or privileged health data. Significantly, they noted that while HIPAA restricts the improper disclosure of protected health information (PHI), it does not extend these protections to de-identified health data.