Doulas have grown in popularity, even among mothers who have already seen an obstetrician. This popularity is reflected in the following quote from the American Public Health Association study ‘Role of Doulas in Improving Maternal Health and Health Equity Among Medicaid Enrollees, 2014‒2023’: “The White House recommended coverage for doula services to help expand the perinatal workforce to address provider shortages and increase provider diversity in its 2022 Blueprint for Addressing the Maternal Health Crisis.”
Because of the strict definitions of covered entities and business associates, doulas are often not covered under HIPAA. HIPAA primarily governs covered entities, such as healthcare providers, health plans, and healthcare clearinghouses, as well as their business associates, who handle protected health information (PHI) on their behalf.
Doulas generally do not fall under these categories because they are not licensed healthcare providers and typically do not bill insurance or maintain medical records. However, if a doula receives, stores, or transmits PHI on behalf of a covered entity, they may become a business associate under HIPAA.
Based on a Journal of Obstetrics, Gynaecological and Neonatal Nursing study on the joint roles of nurses and doulas in maternal care, “Today, this woman is often called a doula; what is different now is how the doula fits into the medical environment. Her role has evolved along with the institutionalization of childbirth and perhaps even because of it.”
Doulas are defined as non-medical professionals who provide emotional, physical, and educational support to women during childbirth and postpartum. Unlike doctors or nurses, doulas do not perform clinical tasks.
Instead, their primary responsibilities revolve around offering comfort, encouragement, and assistance in understanding and navigating the birthing process. They advocate for the mother's wishes, assist in creating birth plans, and provide continuous labor support, including techniques for pain management and relaxation.
HIPAA is a federal law in the United States that sets standards for the protection, confidentiality, and security of health information. The HHS section for professionals on Privacy expands on the function of HIPAA, specifically stating, “The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other individually identifiable health information (collectively defined as ‘protected health information’) … The Rule requires appropriate safeguards to protect the privacy of protected health information and sets limits and conditions on the uses and disclosures that may be made of such information without an individual’s authorization.”
It primarily applies to three types of entities: healthcare providers, health plans, and healthcare clearinghouses.
A Birth study on the role of doulas in communities of color and amongst Medicaid recipients noted, “In the United States (US), 17% of women report experiencing at least one form of mistreatment during labor and birth... especially low-income women of color—27% of whom reported mistreatment—compared with low-income White women (19%).”
Doulas provide non-medical support and care to women during childbirth and the postpartum period. Their services are more focused on emotional, physical, and educational support rather than clinical or medical care. Doulas do not perform medical procedures, diagnose conditions, or engage in the kind of electronic transactions (like medical billing or electronic health records transfer) that are primarily regulated by HIPAA.
This lack of coverage under HIPAA does not free doulas from the responsibility of maintaining confidentiality and privacy regarding their clients' information. Many doulas adhere to ethical standards set by their certifying organizations, which often include maintaining client privacy.
When a doula steps beyond independent practice and becomes formally integrated into a healthcare team, such as being hired by a hospital, clinic, or medical group, their responsibilities around privacy and data security can change dramatically. In these settings, doulas may be given access to patient health records or asked to share information about the individuals they support. If this happens, the doula’s role shifts from being a supportive companion to one that also meets the federal definition of a business associate.
Under HIPAA, business associates are any individuals or organizations that perform services involving PHI on behalf of a covered entity (like a hospital or clinic). This means the doula must comply with HIPAA’s Privacy and Security Rules, which include implementing safeguards like secure communication, encrypted data storage, and strict access controls to protect sensitive patient details.
For example, if a doula is part of a hospital’s perinatal care team, she might need to sign a business associate agreement (BAA), formally acknowledging her responsibility to protect PHI according to HIPAA standards. This agreement outlines the specific privacy and security measures required and the consequences for failing to follow them.
The expectations for privacy and security are even more explicit in state Medicaid programs that reimburse doulas as part of the healthcare system. An issue brief by the Assistant Secretary for Planning and Evaluation on doula care and the correlation to maternal health notes, “Medicaid covers over 60 percent of all births among Black and AI/AN individuals... coverage for doula services is one option to improve the maternity care experience.
In those cases when doula services are covered by Medicaid, the level of payment, the ease of enrolling in insurance arrangements, and the administrative burden of getting paid all may affect access and availability of doula services.”
HIPAA training allows doulas to understand how to handle PHI safely, recognize potential privacy risks, and know what steps to take if a breach occurs. For example, in states like California and Oregon, HIPAA training is a mandatory part of the certification process for Medicaid doulas, alongside other requirements like CPR certification and doula-specific education.
PHI refers to any information about health status, provision of health care, or payment for health care that can be linked to an individual.
HIPAA regulations apply to covered entities such as healthcare providers, health plans, and healthcare clearinghouses, as well as to business associates who handle PHI on their behalf.
Doulas are typically not considered covered entities under HIPAA because they usually do not engage in activities that involve the use or disclosure of PHI in electronic forms covered by HIPAA.