State Health Privacy Laws in 2025: What Protects Your Period
The Biden-era HIPAA amendment protecting reproductive health data was vacated in 2025. What remains: a patchwork of state laws. Washington, California, Nevada
The protection gap for reproductive health data in consumer apps is real, documented, and not fixed by any single federal law. Understanding what protections actually exist — and where they apply — is the starting point for making informed decisions about which apps can safely hold your data.

What HIPAA Actually Covers (And What It Doesn't)

HIPAA is the most commonly cited health privacy law in the US, and it's commonly misunderstood. HIPAA applies only to covered entities: healthcare providers, health plans, and their business associates. It does not apply to:

- Period tracking apps
- Fitness apps
- Wellness platforms
- Employer wellness programs (unless operating as a health plan)
- Life insurance companies
- Most consumer health technology

This gap was intentional in 1996, when HIPAA was passed — consumer health apps didn't exist. The gap has never been legislatively closed at the federal level.

The FTC Act gives the Federal Trade Commission authority over "unfair or deceptive acts or practices," which it has used to take action against health apps that violated their own stated privacy policies (the Flo case). But FTC enforcement is reactive, complaint-driven, and doesn't establish affirm