EDITORIAL: Can Federal HIPAA Laws be Nullified With a Simple Agreement?

After Medicaid was required to provide access to ICE of the records of all 72 million people covered by the plan, people are worried other health plans are next, while some worry that other laws are next

Natalie C. Frank, Ph.D July 17, 2025

Last Monday, the Centers for Medicare and Medicaid Services (CMS) and the Department of Homeland Security (DHS) under the Trump administration signed an agreement which allowed all Medicaid data to be turned over to ICE for the purposes of ensuring no one is fraudulently receiving benefits under the plan. Of course, if that were the only reason or even the primary reason, the data would be turned over to a regulatory body or oversite agency, not Immigration and Customs Enforcement (ICE). The main reason for this agreement is instead to attempt to find undocumented immigrants to deport them.

This move has many people upset and uncomfortable. HIPAA, the Health Insurance Portability and Accountability Act, a US federal law enacted in 1996, established standards for protecting sensitive patient health information. HIPAA aims to ensure the privacy and security of Protected Health Information (PHI).

You have to wonder how successful ICE will be in discovering the identity and addresses of a large enough group to make their goal sensical. Undocumented immigrants and many documented immigrants are not permitted to join Medicaid. The only exclusion to this rule is in the case of medical emergencies when anyone without health coverage will be covered by Medicaid.

So, the government is opening up the records of almost 72 million people in the hopes of finding what seems to amount to a handful of individuals using Medicaid improperly or for emergency reasons only – the latter of which is not considered fraud.  So, they are nullifying the right to privacy of health information of every person enrolled in Medicaid for a limited return. It’s another example of Trump’s bull in the China shop approach.

If the purpose is to find and penalize undocumented immigrants illegally using Medicaid, then this would assume they would be in the country long enough to fulfill the consequences, likely a fine. However, these people would immediately be located, arrested and deported without due process. They can pretend the primary purpose is to identify undocumented immigrants illegally enrolled in Medicaid, but the only real reason is to find and deport them.

There is also a humanitarian function of Medicaid that will likely be compromised by this move. Anyone in the country legally or illegally has the right to access Medicaid in the case of a medical emergency. With the agreement, undocumented individuals will likely begin to feel unsafe seeing care because of fear of being deported, possibly even identified by hospital staff if things go farther. Lives will be lost and people will live without healthcare including prenatal care and help during the birth process. This seems like yet another way the country is going backwards.

If you are going to yell about other countries failing to provide humanitarian assistance to people who are bombing them, you have no right to use ICE and the threat of deportation to prevent necessary medical care.

If a federal law that has become the gold standard for privacy of personal health information can be put on hold by an agreement, what law is next and who will the targets be?