Federal Judge Blocks ICE Use of Medicaid Data for Deportation Enforcement

(CONNECTICUT) A federal judge on August 13, 2025, ordered a preliminary injunction blocking federal immigration authorities from using Medicaid data for deportation or other enforcement. The ruling follows a multistate lawsuit led by California and joined by 19 other states, with Connecticut Attorney General William Tong among those pressing the case.

The states argued the U.S. Department of Health and Human Services (HHS) and the Department of Homeland Security (DHS), including Immigration and Customs Enforcement (ICE), violated long-standing privacy protections when they shared personal health information for immigration enforcement. They say the agencies bypassed required transparency and ignored the risk of “chilling” patients’ access to routine and urgent care.

What happened: CMS disclosure and scope

In mid-July, the Centers for Medicare & Medicaid Services (CMS) under President Trump disclosed personal data for about 79 million Medicaid enrollees to DHS, including ICE.

• States say those files included names, addresses, Social Security numbers, immigration status, and health claims for residents in California, Washington, Illinois, and the District of Columbia.
• The move marked a sharp break from earlier practice that kept health data separate from immigration enforcement to protect patients and public health.

According to state filings, the July handover was linked to the 2025 federal budget reconciliation law, H.R. 1, signed on July 4, 2025. That law directs $170.7 billion over four years toward immigration and border operations, including increased deportation capacity and expanded partnerships with state and local police.

• States argue that using Medicaid files in that enforcement context would spread fear in clinics and emergency rooms, pushing immigrant families away from care.

Court order and immediate effects

The injunction, issued on August 13, immediately bars DHS and ICE from using Medicaid enrollee data for immigration enforcement while the case proceeds.

• This provides a layer of protection for millions of people whose information was disclosed.
• It does not resolve the lawsuit or the final legality of the disclosure; it halts any current use of the data as evidence or for targeting during this preliminary phase.

Connecticut’s William Tong and other attorneys general cited multiple federal laws they say were violated, including:

• Social Security Act
• Privacy Act
• Health Insurance Portability and Accountability Act (HIPAA)
• Administrative Procedure Act (APA)

They contend the agencies failed to provide proper notice or go through rulemaking and that the disclosure risked chilling access to health services.

“Reckless and unprecedented,” said California Attorney General Rob Bonta, warning the sharing would make people afraid to go to the doctor even when sick.

Advocacy groups and patient organizations that filed supportive briefs or voiced concern included:

• Electronic Frontier Foundation (EFF)
• Electronic Privacy Information Center (EPIC)
• Protect Democracy Project
• National Bleeding Disorders Foundation (NBDF)
• Hemophilia Federation of America (HFA)

Under the order, ICE and DHS cannot use the Medicaid files to identify, locate, or question people based on what was shared. Public health experts said the pause could help rebuild trust in clinics where mixed-status families—often with U.S. citizen children—face hard choices between getting care and avoiding risks tied to their information.

Policy context and legal arguments

On July 14, 2025, HHS changed the definition of “federal public benefits.” That update restricted access by many lawfully present and undocumented immigrants to an additional 13 programs, expanding the total restricted list from 31 to 44.

• Taken together with stronger enforcement, states and advocates argue these steps create a climate of fear that deters families from seeking routine checkups, prenatal care, and chronic disease treatment.

The lawsuit’s legal claims include:

1. Agencies acted without the public process required for major policy changes (APA concerns).
2. Violations of the Privacy Act and HIPAA because individuals did not consent to sharing health data with immigration agents.
3. Conflict with the Social Security Act’s limits on how federal benefit records may be used.

The court found there is a serious question on the merits and that the harm from data misuse could not be undone later—meeting the standard for a preliminary injunction. The case will proceed with further briefs and hearings to determine the final outcome and whether a permanent injunction is appropriate.

Practical implications and limits of the ruling

Analysis (e.g., by VisaVerge.com) notes the order provides short-term relief but leaves unresolved how federal agencies will verify status under the new benefits policy while the injunction stands. Implementation questions remain about what data sources the government may rely on.

Practical effects for providers and patients:

• Stops ICE and DHS from using the Medicaid enrollee data obtained in July for enforcement.
• Does not roll back the broader public benefits policy changes announced on July 14.
• Does not decide the final legality of the data sharing; that determination will come later in litigation.

California’s Rob Bonta emphasized the goal: keep health data within the health system. States argue that breaching that boundary could scare people away from vaccinations, early cancer screenings, and mental health care—worsening outcomes across communities.

What’s next and guidance for patients

• HHS has indicated it may issue further guidance on the expanded benefits restrictions, but specifics were unclear as of August 2025.
• Any new guidance could explain how agencies will verify eligibility without relying on private health records.

Until clarity arrives, states, hospitals, and community clinics must manage front-desk confusion while reassuring patients that medical visits should not put them or their relatives at risk.

For general information on Medicaid eligibility and privacy rules, see the CMS website: https://www.medicaid.gov/

Officials in California and Connecticut said they will continue posting updates through their offices. Advocacy groups such as EFF and EPIC are tracking the litigation and related policy changes, underscoring the link between health privacy and public health.

For families in waiting rooms, the immediate question is: Is it safe to get care? For now, the court’s order signals that health records cannot be pulled into immigration enforcement—at least while the legal review is underway.

The judge’s decision may shape how future administrations handle the boundary between health programs and immigration enforcement. This case tests whether federal agencies can repurpose sensitive data gathered for one program to serve another goal—an issue states and advocates say matters not only legally but for maintaining public trust in health care access.