Is Disclosing Someone’s Pregnancy a HIPAA Violation? Doctors vs. Employers Explained

HIPAA Coverage and Pregnancy Information

What HIPAA covers

Under HIPAA, pregnancy status is Protected Health Information (PHI) when it is created or received by a health care provider, health plan, health care clearinghouse, or their business associates. These are collectively called Covered Entities. If a clinician, clinic, or insurer learns you are pregnant in the course of care, that fact—and anything that reasonably identifies you—must be safeguarded.

PHI includes any past, present, or future physical or mental health condition, which plainly encompasses pregnancy and related test results, ultrasounds, and treatment plans. When PHI exists, HIPAA’s privacy and security rules apply to collection, storage, use, and disclosure.

What HIPAA does not cover

HIPAA does not protect information held by an employer in its role as employer. Employment records—even if they include health details—are not PHI. If a manager learns you are pregnant from a conversation or workplace observation, HIPAA does not apply. That said, other laws restrict how employers may use and share medical information and protect you from discrimination, as explained below.

Disclosure Rules for Covered Entities

General rule and authorizations

A Covered Entity may not disclose pregnancy information without your valid written authorization unless a specific HIPAA permission or requirement applies. Authorizations must describe what will be disclosed, to whom, for what purpose, and include an expiration date and your signature. You may revoke an authorization in writing at any time, and providers must honor it going forward.

Common permitted disclosures (without authorization)

• Treatment, payment, and health care operations (for example, sharing prenatal records with a specialist or your insurer).
• Disclosures required by law or for public health reporting (such as certain communicable disease reports, where state law requires it).
• Health oversight, judicial or law-enforcement requests that meet HIPAA’s specific conditions.
• Serious and imminent threat to health or safety, consistent with professional judgment.
• Limited disclosures to an employer for work-related medical surveillance or workplace injuries, but only when strict conditions are met and you receive written notice.

Outside these narrow categories, a doctor, hospital, or health plan telling your employer you are pregnant without your authorization is typically a HIPAA violation. Even confirming a patient’s pregnancy to a caller can be improper if identity is reasonably identifiable.

Employer Status and Legal Protections

Employers are not usually Covered Entities

Employers are generally not subject to HIPAA when acting as employers. However, an employer’s group health plan is a Covered Entity, and any PHI the plan receives must be walled off from the employer’s employment records. Employers sponsoring health plans must keep plan PHI separate and limit which workforce members can access it for plan administration only.

Other laws that protect workers

The Pregnancy Discrimination Act (PDA) forbids discrimination based on pregnancy, childbirth, or related medical conditions. Using or spreading pregnancy information to deny opportunities, demote, or harass an employee can violate the PDA.

The Family and Medical Leave Act (FMLA) provides eligible employees with job-protected leave for prenatal care, pregnancy-related incapacity, and bonding. Employers must maintain confidentiality of FMLA medical certifications and keep them separate from personnel files.

The Americans with Disabilities Act (ADA) requires confidentiality for medical information obtained through disability-related inquiries or exams and prohibits discrimination based on pregnancy-related impairments that qualify as disabilities. Medical information obtained for accommodation must be stored separately and shared only with those who need to know.

The Genetic Information Nondiscrimination Act (GINA) restricts employers from requesting, using, or disclosing genetic information. While pregnancy itself is not “genetic information,” results of fetal genetic tests or family medical history are. Employers who obtain such information must keep it confidential and may not use it in employment decisions.

Employee Consent and Disclosure to Employers

How to authorize a provider to share information

If you want a provider to confirm your pregnancy to your employer—for example, to support leave or accommodations—you can sign a HIPAA authorization directing the provider to disclose specific information. Limit the authorization to what is needed (for instance, confirmation of pregnancy and anticipated due date) and specify your employer or HR as the recipient. Set a reasonable expiration date and keep a copy.

FMLA and routine workplace documentation

For FMLA, providers typically complete certification forms that you deliver to HR. A provider may send the form directly only if you authorize it. Your employer may follow up with you for clarifications but may not demand full medical records. Under the ADA, if you request an accommodation, your employer may seek documentation about functional limitations—not detailed diagnoses—and must keep any medical details confidential.

Revoking consent and minimizing disclosure

You can revoke a prior authorization in writing; your provider must stop future disclosures. To minimize exposure, ask your provider to disclose only the minimum necessary and avoid open-ended releases. At work, provide medical documents only to HR or the designated leave administrator, not to supervisors or coworkers.

Legal Recourse for Unauthorized Disclosure

If a provider improperly discloses pregnancy information

You may file an Office for Civil Rights Complaint with the U.S. Department of Health and Human Services. OCR investigates HIPAA violations and can require corrective action and impose penalties. While HIPAA does not create a private lawsuit for damages, you may have state-law claims (such as breach of confidentiality or negligence) depending on your jurisdiction.

If an employer misuses or spreads pregnancy information

If disclosure leads to discrimination, harassment, or retaliation, you can pursue remedies under the Pregnancy Discrimination Act, the ADA (for disability-related aspects and confidentiality breaches), and possibly GINA if genetic information is involved. You can also raise FMLA interference or retaliation claims when leave rights are compromised. Preserve evidence, use internal complaint channels, and consider contacting the EEOC or a qualified attorney promptly, as deadlines can be short.

Reporting Requirements and Exceptions

When pregnancy information may be disclosed without authorization

HIPAA allows—but does not require—certain disclosures without authorization, such as when a law mandates reporting, for public health activities, or to avert serious threats. These exceptions are narrow and context-specific. Routine workplace curiosity, convenience, or supervisor requests do not qualify.

Minors and representatives

Where a parent or legal guardian is a personal representative, they may access a minor’s PHI unless state or other laws give the minor specific privacy rights for reproductive care. Providers must navigate these rules carefully and disclose only as appropriate under applicable law.

Employer-directed exams

When an employer sends an employee for a fitness-for-duty or surveillance exam, HIPAA may permit a provider to disclose conclusions (such as work restrictions) to the employer in limited circumstances. Even then, details unrelated to fitness or legal compliance—like confirming pregnancy when not relevant—should not be shared without authorization.

Employer Restrictions on Medical Information Sharing

Confidentiality duties inside the workplace

Under the ADA, any medical information an employer obtains must be stored separately from personnel files and shared only with those who need to know (for example, supervisors about restrictions, first-aid personnel for emergencies, or government investigators). Gossiping about an employee’s pregnancy or broadly notifying staff is improper and can be unlawful when it fuels discrimination.

Handling leave and accommodation documents

FMLA certifications, doctor’s notes, and accommodation records should be restricted to HR or leave administrators. Supervisors generally should receive only functional information (such as schedule changes or restrictions), not diagnoses or pregnancy details.

Genetic information safeguards

Under the Genetic Information Nondiscrimination Act, employers must not request or disclose genetic information, including fetal genetic testing results and family medical history, except in narrow circumstances. If such information is inadvertently received, it must be treated as confidential and not used in employment decisions.

FAQs.

Is pregnancy information always protected under HIPAA?

Pregnancy information is protected when it is PHI held by a Covered Entity (for example, a clinician, hospital, health plan) or its business associate. The same information in an employer’s personnel file is not PHI, though other workplace laws still restrict how it may be used and shared.

Can employers legally disclose an employee’s pregnancy status?

HIPAA generally does not apply to employers, but other laws do. Sharing pregnancy details widely can violate the Pregnancy Discrimination Act, and medical information obtained through leave or accommodation processes must be kept confidential under the ADA and FMLA. Employers should limit disclosures to a strict need-to-know basis.

What legal protections exist against pregnancy discrimination at work?

The Pregnancy Discrimination Act prohibits discrimination based on pregnancy, childbirth, or related medical conditions. The Family and Medical Leave Act protects eligible leave and records confidentiality. The Americans with Disabilities Act bars discrimination based on qualifying pregnancy-related impairments and requires confidentiality of medical information. GINA protects against misuse of genetic information, such as fetal genetic test results.

How can an employee report a HIPAA violation related to pregnancy information?

If a health care provider or health plan improperly discloses your pregnancy information, you can file an Office for Civil Rights Complaint with the U.S. Department of Health and Human Services. You may also raise concerns with the provider, consider state-law claims, and seek legal advice. For employer misconduct, consider internal complaints and filing with the EEOC under applicable employment laws.