A 2024 provision under the Health Insurance Portability and Accountability Act (HIPAA) protects reproductive health information from disclosure to law enforcement when care was legally obtained, such as in another state with abortion access. (Photo by Dave Whitney/Getty Images)

Two pending lawsuits over a 2024 federal rule protecting certain reproductive health information from disclosure are on hold while the Trump administration decides whether to appeal a Texas judge’s June decision that declared the rule unlawful and void.

U.S. District Judge Matthew Kacsmaryk issued an opinion nullifying the federal rule that shielded reproductive health information from law enforcement when care was legally obtained, such as in another state with abortion access. In this case, Dr. Carmen Purl argued that the U.S. Health and Human Services rule conflicted with the laws requiring her to report child abuse. Purl said in court documents she believes abortion and gender-affirming care fall under the definitions of child abuse.

Purl lives in the judicial district where Kacsmaryk — who has taken anti-abortion stances in the past — is the only judge. His ruling applied nationwide and took effect immediately.

Without the rule, law enforcement officials in states with abortion bans may issue subpoenas for records related to reproductive health care obtained legally in another state, as some have already recently tried to do. According to health policy nonprofit KFF, 22 states and the District of Columbia have laws limiting what reproductive health information can be obtained, but others with legal abortion access do not, such as New Hampshire and Virginia.

Abortion-rights advocates say it’s largely an intimidation tactic meant to sow fear in patients and providers. Since the Dobbs decision in 2022,  anti-abortion attorney Jonathan Mitchell filed nine petitions in Texas seeking to legally question abortion funds, providers and researchers, and two individual women who sought abortions in other states, according to the Texas Tribune.

Carmel Shachar, a Harvard law professor who has extensively researched data privacy and health policy, said it’s possible for a patient to travel to a state with legal access and have that information stored in their medical records that is shared with their providers back home.

“Without the reproductive privacy rule, the concern will be, ‘OK, will some of these states that have taken a very strong stance against abortion be able to pinpoint where residents of their states travel to receive abortion care?’” Shachar said.

Tennessee plaintiffs push for separate ruling after Texas decision

Two lawsuits challenging the legality of the rule are frozen at least until the government’s Aug. 18 deadline to appeal. One case is in Missouri, and Texas Attorney General Ken Paxton filed the other. Paxton’s office had also challenged the legality of the underlying privacy rule or HIPAA established in 2000, which could have opened more avenues for state investigations if a judge agreed to throw it out. But according to recent court filings, the state is no longer asking the court to do that.

A Tennessee lawsuit includes 17 other states that heavily restrict or ban abortion as plaintiffs. Their attorneys general asked the court to find the 2024 rule unlawful because they said it impedes their right to investigate cases of waste, fraud and abuse. In the most recent court brief, attorneys for Tennessee Attorney General Jonathan Skrmetti said the case can still be decided by U.S. District Judge Katherine Crytzer, an appointee of Republican President Donald Trump.

Until judgment is affirmed on appeal and no further appellate review is available or the deadline to appeal passes, “the plaintiff states’ claims remain live and ready for this court to resolve,” the brief said.

Legal organization continues attempts to intervene so they can appeal

The Health Insurance Portability and Accountability Act (HIPAA) allows law enforcement to obtain health information for investigation purposes. But the addition of the 2024 provision under former Democratic President Joe Biden prohibited disclosure of protected health information in investigations against any person for the mere act of seeking, obtaining, or facilitating reproductive health care, to impose criminal or civil liabilities for that conduct, or to identify the person involved in seeking or obtaining that care. It also applied to gender-affirming care.

The U.S. Department of Justice did not respond to a request for comment. Whether it appeals Kacsmaryk’s ruling is in question, as the Justice Department under Trump did not address whether it thought the 2024 rule was proper and lawful prior to Kacsmaryk’s decision. Attorneys instead said they were reviewing the rule but had no other updates. In the Missouri and Tennessee cases, DOJ attorneys have argued for dismissal for other legal reasons, but also have not defended the 2024 rule itself.

In March, the DOJ dropped the case that argued the federal law mandating stabilizing emergency care should apply to those who need emergency abortion care. And in early June, U.S. Health and Human Services rescinded guidance that said that care should be required in emergencies.

Attorneys for Democracy Forward, a nonprofit legal organization, are representing Doctors for America and the cities of Columbus, Ohio, and Madison, Wisconsin, and attempted to intervene in the case because they did not expect the government to defend the rule. If they were allowed to intervene, they could appeal Kacsmaryk’s opinion striking down the rule regardless of the Trump administration’s decision.

Kacsmaryk denied their motion, while a decision in the other three cases is pending. Carrie Flaxman, senior legal adviser for Democracy Forward, said they have appealed that denial to a higher court. Given that the Department of Justice attorneys chose not to defend the rule on the merits in court proceedings, Flaxman said, she thinks they have a good argument for appeal.

Repealing the rule was a directive in Project 2025, the blueprint document for the next presidential administration published by the conservative Heritage Foundation. Several prominent anti-abortion organizations were part of the panel that drafted Project 2025, and many of the individuals involved in writing the 900-page document now work for the Trump administration.

Like the Milwaukee Police Department (MPD), the sheriff's office is considering acquiring facial recognition applications from the company Biometrica, but civil liberties advocates are raising concerns about the technology. (Photo by Isiah Holmes/Wisconsin Examiner)

The American Civil Liberties Union (ACLU) of Wisconsin is calling on the Milwaukee County Sheriff’s Office to reconsider plans to adopt the use of facial recognition technology. Like the Milwaukee Police Department (MPD), the sheriff’s office is considering acquiring facial recognition technology from the company Biometrica. The company has offered MPD free access in exchange for 2.5 million images, jail records, and other related data of people who have passed through Milwaukee’s criminal justice system, including many who presumably haven’t been convicted of a crime. 

“Given all the public opposition we’ve seen to the Milwaukee Police Department’s push to expand their use of facial recognition, the news of the Sheriffs office’s interest in acquiring this technology is deeply concerning,” Amanda Merkwae, advocacy director for the ACLU of Wisconsin, wrote in a statement for an ACLU press release. “Law enforcement’s use of facial recognition software poses a number of serious threats to civil rights and civil liberties, making it dangerous both when it fails and when it functions.” 

Just days ago, Milwaukee County Sheriff Denita Ball revealed that her office was looking into adopting facial recognition software. Ball told county supervisors during a June 17 meeting of the Judiciary, Law Enforcement, and General Services Committee Urban Milwaukee reported, that she was assessing a data-sharing agreement for the technology. MCSO did not respond to a request for comment for this story.

Like MPD, the sheriff’s office is exploring an agreement with Biometrica, a company which has pushed back against concerns about privacy and the use of its surveillance tools. Biometrica offers a third-party facial recognition algorithm to agencies like the Milwaukee police and the sheriff’s office. The sheriff’s office states that rather than using the technology for untargeted surveillance, it aims to use facial recognition software to identify people once investigators have an image of a criminal suspect. Ball says that facial recognition would never be the sole basis for an arrest or charges, Urban Milwaukee reported.

On Thursday, the Milwaukee County Board of Supervisors will vote on a resolution requiring the creation of a regulatory process for adopting facial recognition technology. Both at the county and city government meetings, however, law enforcement agencies have been met with public skepticism about their exploration of facial recognition technologies. 

Tension bubbled up during a hearing before the Milwaukee Equal Rights Commission last week. Police department Inspector Paul Lough  said that facial recognition could provide important leads for investigations similar to those derived from confidential informants and information databases used to run names. During the hearing, MPD officials presented examples of cases in which facial recognition technology helped solve crimes. “Whether or not they would’ve…may or may not have been solved without the use of facial rec., it’s hard to say,” said Lough. “Some probably would have been, some might still be open. But the important part of it is that all of the ones that we’re going to go over are very predatory in nature where there’s exigent circumstances to solve them quickly.”

MPD Capt. James Hutchinson went over two investigations from March 2024 which utilized facial recognition technology. One involved a drive-by shooting, where a passing car opened fire on a pedestrian, who died on the scene. Hutchinson explained that MPD obtained images from surveillance cameras, which were then sent to partner agencies with the ability to run facial recognition requests. Within 16 hours, the police captain told the commission, a potential suspect had been identified. 

“We don’t know who they are when we get those pictures back, but we have ways of vetting that information, confirming the identification provided to us,” said Hutchinson. “And that’s what we did in this case.” Unique tattoos helped narrow the search to a man who was wearing a GPS bracelet. When officers went to conduct an arrest, they found two alleged shooters, their guns and the car they are believed to have used. Hutchinson said that a trial is pending for both suspects arrested in that case. 

Facial recognition was also used in a sexual assault case, which occurred two days before the shooting. A victim had been followed home in the rain by a man offering her his umbrella, and asking for money. He mentioned that he’d already tried asking for money at a nearby gas station. As they walked, he held a gun to her head and forced her into a garage where he assaulted her. Officers were able to locate the garage with the victim’s help using Google Maps, and later the gas station the man had mentioned before. Surveillance camera photos potentially capturing the man were sent to other agencies for facial recognition assistance, which came back with images of a man who was on probation for sexual assault. He was identified both by the probation agent and the victim, and was sentenced to 20 years of incarceration. 

MPD listed 13 additional cases where it used facial recognition, including a string of taco truck robberies on Milwaukee’s South Side involving a group of masked assailants. Although they appeared careful to cover their faces, one suspect let his mask down briefly, which was seen by a camera, and sent to a partner agency for identification. In that case, three to four potential suspects were identified by the technology, each with a certain percentage of certainty such as 97%, 95% and so on. After further investigation, detectives identified those responsible for the taco truck robberies as people flagged by the  facial recognition search with the lowest percentage of certainty.

During public testimony, several people expressed concerns about the accuracy of facial recognition technology. Facial recognition software has been shown to have trouble identifying non-white faces, and is prone to errors particularly when identifying people of color. Some feared that defendants might have trouble learning how facial recognition was used in their cases, and felt that police oversight was lacking. Others pointed to the 2.5 million images MPD would give to Biometrica in exchange for the software licenses, and argued that such a move would only further harm community trust in the police. Because the images include mugshots, it’s possible that people whose images were included in that transaction will not be convicted of a crime after being  arrested or detained at the jail for a period of time. Other questions included  what access federal agencies, such as Immigration and Customs Enforcement (ICE), would have to MPD’s facial recognition system. 

“As we recently found, MPD has been using facial recognition technology on the faces of Milwaukeeans for years, without being transparent with the public or the FPC,” Krissie Fung, a member of the Milwaukee Turners and Milwaukee’s Fire and Police Commission (FPC), said during public testimony. “Because there’s no standard operating procedure to provide guidelines around their process, relying on MPD to follow their own gentlemen’s agreements and internal process is just not how oversight works.” 

Fung also said MPD Chief Jeffrey Norman acknowledged when he was reappointed that there is no way to guarantee the safety of the data and faces of Milwaukeeans, and that the data would be going to a third-party company the city does not oversee and which uses algorithms the city will not be able to  access. “MPD’s proposal is to trade 2.5 million mugshots in exchange for this license which, by the way, includes my mugshot,” said Fung. “I believe that there are serious legal concerns that have not yet played out in the courts, and that would open us up to significant lawsuits.”

“I cannot help but wonder if the reason Biometrica is so thirsty to trade 2.5 million ‘jail records or mugshots’ in exchange for free access to this technology, is that they assume that those jail records are Black faces, and they clearly need more Black faces to train their inaccurate algorithm,” Fung added. “But we don’t need to let them get those Black faces from Milwaukee.”

“I don’t know a single person in this city that trusts the police,” said Ron Jansen, who has testified about law enforcement at previous city and county meetings. “So the last thing Milwaukee needs to do is hand this department a tool that creates even greater opportunity to harm the people of this city.” 

“This is not free,” Jansen added.  “… the cost is 2.5 million mugshots of residents, non-residents, whatever. Anybody who’s been through the system here in Milwaukee…2.5 million human beings…Human beings, maybe half of which or more, were never convicted of a crime. This includes people who were wrongfully arrested, or accused, or just anyone who was ever booked into their custody. And while I was writing this, I thought, ‘that also includes people who’ve already been victimized by this department.’ People who have been beaten by the police. People who have been wrongfully accused by the police. This is your biological data, my biological data, everyone’s biological data, and it is being sold to a private company without your consent, all so that they can expand their surveillance network.” 

Jansen asserted that the millions of images could include protesters, teachers, even state Rep. Ryan Clancy (D-Milwaukee), who was wrongfully arrested by MPD during a curfew. “His arrest record is likely in there,” said Jansen. He also raised the 2025 case of officer Juwon Madlock, who used his access to police databases to pass intelligence about confidential informants and the home addresses of  targets to gangs searching out rivals. “If this is already happening, imagine what will happen when their abilities get expanded,” said Jansen. 

Former Democratic President Joe Biden’s administration added the 2024 rule prohibiting disclosure of protected reproductive health information for criminal, civil or administrative investigations to the Health Insurance Portability and Accountability Act or HIPAA. (Connect Images for Getty Images)

A 2024 federal rule that shielded reproductive health information from disclosure to law enforcement when care was legally obtained, such as in another state with abortion access, was struck down by a federal judge in Texas on Wednesday evening.

U.S. District Judge Matthew Kacsmaryk of Texas’s decision applied nationwide, nullifying the rule immediately. Kacsmaryk had temporarily blocked its enforcement against Dr. Carmen Purl, who sued HHS because she said the rule created a conflict with the laws requiring her to report child abuse.

“Striking down this critical rule is cruel,” said Maddy Gitomer, senior counsel at Democracy Forward, in an emailed statement. “The 2024 HIPAA Privacy Rule has helped protect pregnant people and health care providers from invasive government intrusion into private medical information.’’

The rule did not allow disclosure of protected health information for criminal, civil or administrative investigations against any person for the mere act of seeking, obtaining, or facilitating reproductive health care, to impose criminal or civil liabilities for that conduct, or to identify the person involved in seeking or obtaining that care. It also applied to gender-affirming care.

Two other cases challenging the same rule are still pending in federal courts in Tennessee and Missouri, but it’s unclear what  Kacsmaryk’s decision means for those cases, or another Texas lawsuit led by Attorney General Ken Paxton that also seeks to strike down a broader 2000 privacy rule.

Former Democratic President Joe Biden’s administration added the rule to the Health Insurance Portability and Accountability Act, a 30-year-old federal law meant to protect patient health information, especially when that information travels between providers. The law contains exceptions for when information can be disclosed to investigators, who can subpoena records for a law enforcement matter. After the 2022 Dobbs decision returned abortion regulation to the states, prompting more than a dozen to pass abortion bans, advocates worried that such records could be used by state officials and law enforcement to investigate and prosecute patients seeking an abortion and those who help them.

Lauren Paulk, senior research counsel for If/When/How, a nonprofit that provides legal support for reproductive health care, told States Newsroom on Wednesday evening that people are still protected by the federal HIPAA law, including the foundational 2000 privacy law that requires certain procedural steps to be met before records can be subpoenaed. The 2024 rule was meant to provide reassurance to patients who are afraid to seek abortion or gender-affirming care, even where it is legal, by specifically exempting those records.

Kacsmaryk’s decision, she said, will erode trust between patients and providers and potentially damage that relationship. And it could be a sign of more actions to come.  

“There’s a laundry list of things that I think could start to be added here whenever the courts are saying there really aren’t protections for private reproductive health information,” Paulk said.

Democracy Forward, a nonprofit legal organization, filed a filed a motion to intervene earlier in the case on behalf of the cities of Columbus, Ohio, and Madison, Wisconsin, because attorneys said they no longer had faith that the U.S. U.S. Department of Health and Human Services would adequately defend the law under Republican President Donald Trump’s administration. Kacsmaryk denied that motion to intervene, and Democracy Forward appealed that decision to the 5th U.S. U.S. Circuit Court of Appeals. That appeal is pending.

“Vacating this regulation will be detrimental to the privacy rights of pregnant people across the country, and will interfere with the ability of healthcare providers and patients to communicate confidentially and openly about a patient’s health needs,” Gitomer said.

Gitomer said Democracy Forward will continue to explore all of its options to defend reproductive rights from “political interference and anti-abortion extremists.”

Conservative law firm Alliance Defending Freedom represented doctor in Texas judge’s district

Purl is the sole owner of Dr. Purl’s Fast Care Walk In Clinic in Dumas, Texas. In court documents, she said:

“I consider both a pregnant woman and her unborn child to be human persons, and both are entitled to medical care and deserve the protection of the law. I believe … that elective abortions harm patients’ health and public health.”

The location of Purl’s clinic put her in Kacsmaryk’s district, where he is the only judge. Most federal cases are assigned randomly to a group of judges in a district, but since Kacsmaryk, a Trump appointee, is the sole jurist, some advocates and attorneys have accused law firms like Alliance Defending Freedom, who is representing Purl in the case, of “judge shopping.” That phrase refers to finding a plaintiff in a certain area for the purpose of putting it in front of an ideologically friendly judge.

In an earlier high-profile case, Kacsmaryk attempted to order the U.S. Food and Drug Administration to rescind its decades-old approval of mifepristone, one of two drugs used to terminate early pregnancies and treat miscarriages. That decision was eventually returned  by the U.S. Supreme Court to a lower court for consideration.

Officials in Texas have already attempted to investigate women who left the state, which has a near-total abortion ban and other abortion-related laws, to terminate a pregnancy.

In a 65-page opinion, Kacsmaryk said the U.S. Department of Health and Human Services’ leadership under Biden “invoked HIPAA as a shield against abortion-restrictive states.” He determined the rule unlawfully limited disclosures about abuse and public health to state authorities, and said it exceeded statutory authority because it employed HIPAA to impose special rules for abortion. Such action should only be taken by Congress, he said, especially because the issues at hand are of major political significance.

“People of good faith vehemently disagree on both these issues,” Kacsmaryk wrote, referring to abortion and gender-affirming care. “These issues transcend politics, implicating anthropology, philosophy, and concepts of self. … The 2024 rule creates special rules for information about these politically favored procedures that implicate fundamental and hotly debated questions.”

A decision is imminent in three of the four cases that will determine whether individual health information for legal reproductive care remains protected by a 2024 federal rule.

Dr. Eve Espey has many stories she can tell about patients who travel to her clinic in New Mexico from their homes in Texas, where abortion laws are some of the most restrictive in the country.

In one recent case, Espey said a patient flew from Texas to Albuquerque for an abortion after her doctor advised that an autoimmune disease she has made being pregnant incredibly dangerous. At the same time, she had an IUD placed as future contraception.

Shortly after returning home, the patient had some cramping and discomfort that prompted her to have the placement of the IUD checked and make sure it hadn’t moved. But her doctor turned her away because she’d had an abortion.

“She flew back to New Mexico to get her IUD examined,” Espey told States Newsroom.

In this case, Espey’s patient voluntarily told her doctor that she’d had an abortion. But if a rule exempting reproductive health information from law enforcement investigations is struck down or altered by one of three federal cases brought by Republican attorneys general from more than a dozen states, that information could become mandatory to disclose.

A decision is imminent in three of the four cases that will determine whether individual health information for legal reproductive care remains protected by a 2024 federal rule under the Health Insurance Portability and Accountability Act (HIPAA), including a case in Texas before the same judge who tried to revoke government approval of an abortion drug.

The plaintiffs in the cases, which include 17 states that heavily restrict or outright ban abortion, say the rule undermines their state rights to investigate waste, fraud and abuse. Chad Kubis, spokesperson for Tennessee Attorney General Jonathan Skrmetti, told States Newsroom via email that the office could not comment because of the ongoing litigation. But the complaint in the case led by Tennessee said, “The final rule will hamper states’ ability to gather information critical to policing serious misconduct like Medicaid billing fraud, child and elder abuse, and insurance-related malfeasance.”

HIPAA is a federal law passed nearly 30 years ago to protect the privacy and security of patient health information, especially as that information travels between clinics in an increasingly all-digital world. It includes some exceptions under limited conditions, such as law enforcement investigations. After the 2022 Dobbs decision returned abortion regulation to the states, prompting more than a dozen to pass abortion bans, advocates worried that such records could be used by state officials and law enforcement to investigate and prosecute patients seeking an abortion and those who help them.

Former Democratic President Joe Biden’s administration sought to remedy those concerns by adding a rule to the HIPAA law in 2024 restricting disclosure of the information. Meanwhile, states with legal abortion passed their own shield laws to protect providers and patients from out-of-state investigations.

In New Mexico, doctors like Espey are protected by a shield law that covers patients, providers and those who help someone obtain an abortion. Even with that, Espey worries and makes sure she’s careful with the notes she puts into writing. Lawmakers in New Mexico have considered going further with the shield law to require patient consent for any release of reproductive health records, but that could become an issue in emergencies.

“That is a colossal barrier to a provider,” Espey said. “Somebody could come into the ER and you can’t access the fact that they had an abortion two days ago.”

Lauren Paulk, senior research counsel for If/When/How, a nonprofit that offers legal support to those seeking reproductive health care, said the rule is important to keep intact because it helps patients and providers feel safe. Without it, more people will be turned away from clinics and hospitals, she said.

“Since Dobbs, there have been documented cases of at least seven people who have died in part because they were afraid to seek care or were denied care. We know that patients see these stories too,” Paulk said. “We also run a help line, so we hear people calling in every day who are scared to seek health care.”

For many years, people have considered health privacy to be a basic right, Paulk said, and have taken it for granted that when they see a doctor, the information shared will be confidential. But she said it’s vital that it stays that way.

“Having the state involved in health care poisons the well of the patient-provider relationship,” Paulk said. “When I go to my health care provider and I can’t be frank with them, it means I’m not going to get care to the extent that I need.”

Since Republican President Donald Trump’s administration took office in January and Secretary Robert F. Kennedy Jr. is now at the helm of U.S. Health and Human Services, the agency that administers the rule, the suits have become more complicated, including how the government is responding to each case.

They are:

State of Missouri v. U.S. Department of Health and Human Services: Republican Missouri Attorney General Andrew Bailey filed this lawsuit in January, claiming that the rule infringes on state powers to investigate fraud, abuse and public health violations. U.S. District Judge John A. Ross, who was appointed by former Democratic President Barack Obama, is weighing the Trump administration’s request to dismiss the case for lack of standing. 

State of Tennessee v. HHS: Republican Tennessee Attorney General Jonathan Skrmetti filed this lawsuit in January, also claiming that the rule infringes on state powers of investigation. Republican attorneys general in 14 other states joined as plaintiffs. U.S. District Judge Katherine A. Crytzer, an appointee of Republican President Donald Trump, has been asked by the Trump administration to dismiss the case for lack of standing or grant the states’ request to block the rule. 

Purl, M.D. v. HHS: Dr. Carmen Purl, the sole owner of Dr. Purl’s Fast Care Walk In Clinic in Dumas, Texas, sued in October because she said the rule creates a conflict with the laws requiring her to report child abuse. The case is before U.S. District Judge Matthew Kacsmaryk, an appointee of Republican President Donald Trump. Kacsmaryk granted a preliminary injunction, but is expected to rule soon on a permanent injunction. 

State of Texas v. HHS: Republican Texas Attorney General Ken Paxton sued in September, claiming the 2024 rule violates state investigative authority. Paxton argued the underlying 2000 HIPAA rule should be struck down as well — a move that could open many more avenues for state investigations if it is granted. U.S. District Judge James Wesley Hendrix, a Trump appointee, has given the federal health agency two extensions of time to decide whether they want to rescind and rewrite the rule.

The judges presiding over the cases in Missouri and Tennessee, as well as the Purl case in Texas, could issue decisions at any time Missouri filed its lawsuit alone, while 14 other states with Republican attorneys general joined Tennessee’s lawsuit as plaintiffs: Alabama, Arkansas, Georgia, Idaho, Indiana, Iowa, Louisiana, Montana, Nebraska, North Dakota, Ohio, South Carolina, South Dakota and West Virginia. All but three of those states either heavily restrict or outright ban abortion, and if the lawsuits are successful, records kept by doctors and pharmacists in other states could be subpoenaed.

If the underlying 2000 HIPAA privacy rule is somehow altered by court rulings in Texas, it could have even more effects, Paulk said. If/When/How receives phone calls from therapists living in states with abortion bans who are afraid of facing criminal charges just for talking about abortion with a patient, or for not reporting a person considering an abortion to the police, she said. That’s not true under existing laws, but if privacy rules change, records like therapy notes could also be subject to investigation.

“It’s clear to me that the folks who are pursuing the overturn of these laws and the folks who are in states where they’re trying to get access to health information are seeking to criminalize people and further stigmatize health care like abortion and gender-affirming care,” Paulk said. “They want people to be afraid to access care and providers to be afraid to provide it, and they’re using this specter of punishment to do that.”

DOJ asked two courts to dismiss Republican-led lawsuits

Democracy Forward, a nonprofit legal organization, is representing the cities of Columbus, Ohio, and Madison, Wisconsin, and Doctors for America, and has attempted to intervene in all four cases — Kacsmaryk denied the request, but the other three are still pending. If any of the motions are granted, attorneys for Democracy Forward could defend the rule, because they do not think the DOJ attorneys will adequately defend it, said Carrie Flaxman, the nonprofit’s senior legal adviser.

The cities and Doctors for America filed a friend-of-the-court brief after Kacsmaryk’s denial, arguing that HIPAA is vital to protecting patient confidentiality, including the 2024 rule.

At the end of March, Trump’s Department of Justice attorneys asked the federal courts in Missouri and Tennessee to dismiss the cases for lack of standing, saying the states have not demonstrated any harm.

“Missouri’s complaint vaguely alleges that the rule impedes state investigations and requires the state to expend resources to comply with the rule’s requirements,” the motion to dismiss says. “But absent from the complaint are any concrete facts supporting these conclusory assertions of harm, which one would expect to see if the rule truly posed the risks that the state alleges.”

In Texas, Kacsmaryk ordered the Department of Justice to provide an update about the health services agency’s review of the Biden-era rule in May, and asked if they wished to pause the court proceedings while they conduct that review. Acting Assistant Attorney General Yaakov Roth told the court in a brief that the rule remains “under consideration” but no imminent action on the rule is expected. He added that they were not requesting any pause in the case.

That response differed in Paxton’s suit, which was already on hold. DOJ attorneys asked for more time to “evaluate the agency’s position in this case and determine how best to proceed.” The judge granted the extension, and another update is expected in July.

“Blocking either or both of these rules could pave the way for government investigations by Attorney General Paxton or others and threaten the foundations of medical privacy that we all rely on,” Flaxman said. “Patients nationwide should be concerned about investigations … into the most personal of their medical records.” 

Milwaukee PD officers monitor the May Day 2025 march with a Critical Response Vehicle, outfitted as a surveillance van. (Photo by Isiah Holmes/Wisconsin Examiner)

A group of 19 community organizations have joined forces to push for oversight of police surveillance in Milwaukee. Together the groups signed an open letter addressed to the city’s common council, asking it to adopt a Community Control Over Police Surveillance (CCOPS) ordinance.

The measure would require existing surveillance technologies used by the Milwaukee Police Department (MPD) to receive a public hearing and be subject to approval by the Milwaukee Common Council.  The ordinance would also require the department to produce an annual report of surveillance gear. 

“The proliferation of surveillance technology by the Milwaukee Police Department has occurred with virtually no transparency, no opportunities for community input and — without a real opportunity to reject surveillance techs or advocate for critical guardrails — presents significant threats to civil rights and civil liberties that hurts us all but disproportionately impact communities of color, queer communities, people seeking reproductive healthcare, immigrant communities, people fleeing violence, and low-income communities,” the coalition states in its letter. 

“While we trust our local elected officials in Milwaukee, in light of the current political climate and the uncertainty surrounding future administrations at both the federal and state levels (both in Wisconsin and in other states), it is critical that our community has a say in if and how invasive surveillance technologies are used, how they are deployed against residents, if and how their data is stored and shared with third parties, and whether spending our limited tax dollars on surveillance technologies is the best way to promote public safety,” the letter adds.

CCOPS ordinances have already passed in 26 cities nationwide, and calls to rein in the flow and development of police surveillance technologies have grown in recent years in Milwaukee. Last year, the American Civil Liberties Union (ACLU) of Wisconsin began advocating for CCOPS ordinances in the Badger State, prompted by a lack of discussion on the issue and the impending Republican National Convention during the summer of 2024. 

As with the 2020 Democratic National Convention four years earlier, the RNC brought with it an influx of new equipment that allowed MPD to augment its surveillance network. Before the DNC the police department upgraded its mobile phone surveillance gear, expanded a camera network capable of using automatic license plate reader technology, and purchased vans equipped with cameras and drones. The RNC likewise opened the door for a new open source intelligence software, growing MPD’s social media surveillance capabilities. 

During the summer of 2020, many people who joined protests following the death of George Floyd witnessed these technologies, and reported suspicions that they were being monitored. As time passed, investigations revealed that local police departments monitored social media closely and drew information from confidential databases, with one agency funneling much of what it’d learned into a “target list” of nearly 200 people. The list had been shared with dozens of local, state, and federal agencies from Milwaukee to Kenosha. 

Since then more attention has been focused on intelligence units such as the MPD’s fusion center, the Milwaukee County Sheriff’s “MATRIX Group”, and on technologies including drones, wiretap devices, gunshot detection sensors like Shotspotter, and spyware. More recently, Milwaukee residents have begun to express concerns about MPD’s plans to acquire facial recognition technology. 

The accumulation of these issues spurred the group of 19 community organizations to sign the letter calling for CCOPS. The coalition includes Planned Parenthood, Black Leaders Organizing Communities (BLOC), the ACLU of Wisconsin, Milwaukee Alliance Against Racist and Political Repression, Ex-Incarcerated People Organizing (EXPO), Voces de la Frontera Action, ComForce, Citizen Action of Wisconsin, the Milwaukee County League of Women Voters and others.  

The letter states that “policies are increasingly enacted, and local governments and their surveillance mechanisms will likely be used to target individuals seeking or providing these services. This scenario is particularly alarming given that Black, Brown, Muslim, queer, low-income, and immigrant communities are already disproportionately affected by law enforcement practices.” 

The letter suggests the stage is being set to repeat law enforcement spying scandals from the 1960s and ‘70s.

“Without robust oversight, we risk a resurgence of COINTELPRO-like tactics, where surveillance was used to suppress political dissent and target minority groups, including Dr. Martin Luther King Jr,” the letter states. “At a minimum, people who live, work, visit, or attend school in Milwaukee deserve to know if and how they’re being surveilled and who has access to that surveillance data.”

Protesters gather in Kenosha the second night of protests on August 24th, 2020. This was before the clashes with police later that night. (Photo by Isiah Holmes/Wisconsin Examiner)

Imagine you hear about a protest in your community and,  curious, you join your neighbors who are marching in the street. Although the protest is loud and slows down  traffic, it appears peaceful and non-violent. Then suddenly, someone throws a rock or spray-paints a building, and now you find yourself among those apprehended for felony rioting, regardless of whether you committed an act of vandalism or  know who did.

Civil rights advocates fear such a scenario if under a Republican bill that defines a riot as a public disturbance, an act of violence or a “clear and present danger” of property destruction or personal injury involving at least three people. A similar bill was introduced in 2017 by Rep. John Spiros (R-Marshfield). A new version is  (AB-88), authored by Rep. Shae Sortwell (R-Two Rivers) and Sen. Dan Feyen (R- Fond du Lac). 

People who say their property was damaged or vandalized during what the bill defines as a “riot” would also be able to seek civil damages from people or organizations that “provided material support or resources with the intent that such support or resources would be used to perpetrate the offense,” under the bill. It also prohibits government officials with direct authority over law enforcement agencies from limiting or restricting those agencies’ ability to quell vandalism or rioting, as defined by the bill.

Jon McCray Jones, a policy analyst at the American Civil Liberties Union (ACLU) of Wisconsin is concerned that the bill’s definition of a “riot” is too vague. “Using that definition, a riot could be three teenagers driving around in a car knocking off mail boxes,” McCray Jones told Wisconsin Examiner. “Technically, with this definition, a riot could be a food fight.” The bill’s language concerning people who “urge, promote, organize, encourage, or instigate others to commit a riot” is also vague according to McCray Jones, who says this aspect of the bill would open protest leaders and organizers up to criminal and civil liability, regardless of their involvement in rioting.

Sortwell and Feyen did not respond to requests for comment for this story. In written testimony before the Assembly Committee on Judiciary on May 7, both lawmakers said that riots have become more common in recent years. “We saw the destructive riots a few years ago in several metropolitan areas, including right here in Madison and Kenosha,” said Sortwell, referring to George Floyd-inspired protests and unrest in 2020. “Taking a walk down State Street, one would see busted doors and windows of businesses, products stolen, and a smashed statue of a Civil War hero. Several business owners, employees, and citizens had their lives upended.”

Feyen said that “peaceful protests are a cornerstone of our public discourse and will always be protected under the First Amendment, but a line needs to be drawn when those protests go from being peaceful to being destructive and violent.” Although the bill does not  mention specific protests, Feyen wrote, “stricter penalties are needed to deter protesters from crossing that line from protest to property destruction, vandalism, arson, and physical violence.” 

Although scenes of burning buildings and looted stores received a lot of news coverage in 2020, studies suggest that at least 96% of Black Lives Matter protests during the movement’s peak in May and June of 2020 were peaceful. Reports by TMJ4 found that 74.3% of the nearly 200 people who’d been placed on an intelligence list by police in Milwaukee county that year had never been charged with a misdemeanor or felony. Some reports, however, using data derived from insurance claims, estimate that as much as $2 billion in damage nationally occurred due to protests in 2020. 

Some residents of Kenosha – a city referenced by the bill’s authors – recall how months of non-violent protest in Kenosha after Floyd’s death were overshadowed by the unrest that  occurred in August 2020. The shooting of Jacob Blake by Kenosha officer Rusten Sheskey, which paralyzed Blake, led to days of protest and unrest, millions of dollars worth of property destruction, and ended when  then-17-year-old Kyle Rittenhouse fatally shot two people and wounded another, in what a jury later ruled was an act of self-defense. 

During committee hearings on May 7, Sortwell said that the bill seeks to punish not only people who commit vandalism but also “those people who put together the riot.”

Several groups have either lobbied or spoken out against the bill. The Wisconsin Civil Justice Council submitted written testimony opposing the bill on the behalf of “16 business associations working together on civil liability matters.” The council said that the bill would allow for civil compensation for emotional distress stemming from property destruction, noting that emotional damages are generally limited. AB-88 would also allow for any civil compensation to include attorneys’ fees, which would be another departure from current law, the council wrote. Others spoke against the bill in person on May 7, pointing to the bill’s broad language and the chilling effect it could have on political movements. 

“This bill is just a blatant attempt to stop people from protesting,” said McCray Jones. “This is a way to silence organizers from fighting for political change and threatening the status quo in power.” Organizers could potentially be sued for anything that happens at a protest, or even just for transporting someone to a protest that later turns into a riot, as defined under the bill. 

What counts as urging or promoting a riot is broad enough to include common protest chants, like “no justice, no peace,” McCray Jones said. “And if you have ambitious or politically motivated district attorneys…politically motivated prosecutors, the vagueness of this bill could be weaponized … free speech now gets criminally turned into inciting a riot.” 

McCray Jones added that he wonders what a police figure like former Milwaukee PD Chief Harold Breier — notorious for targeting and surveilling Black, brown and LGBTQ communities — would have been able to accomplish had such a law been at his disposal. 

As police departments develop their social media surveillance capabilities, it’s possible under the bill that making posts encouraging people to attend a protest could be seen as an attempt to “urge, promote, organize, encourage, or instigate” a riot under the bill. After the protests of 2020, some agencies that monitored protesters enacted new intelligence-gathering policies to help prevent broad, ideology-based surveillance.  

“I think that right now this moment gives us a very opportune chance to highlight the importance of protecting the privacy of protesters here in Wisconsin,” McCray Jones told Wisconsin Examiner. McCray Jones said he hopes debate about the bill  will become “a jumping off point to talk about not just data privacy for protesters, not just privacy from law enforcement for marginalized communities, but what does it look like to re-think our position on surveillance in the midst of this regime in D.C. that is blatantly ignoring due process, the rule of law, and civil rights.”