HIPAA does not protect prosecutors’ reproduction records

Owith Roe v. wade now reversed, patients wonder whether federal laws will protect their reproductive health data from state law enforcement or broader legal action. The answer, currently, is no.

If there is a warrant, court order, or subpoena for disclosure of these medical records, then a clinic is required to turn them over. And patients and providers can be made legally vulnerable by the massive trail of health-related data we all generate every day through our devices.

When it comes to health records, the most important law is HIPAA – the Health Insurance Portability and Accountability Act. It’s possible that federal officials will try to change it so that reproductive care or abortion records get extra protection, but legal experts say that’s unlikely to happen in court at all. a time when many judges tend to be hostile to executive action.


While abortion will remain legal in many states, 22 have laws in place that will ban the procedure or lead to severely restricted access to it, according to the Guttmacher Institute.

It is unclear exactly how state authorities will react to this decision. Many anti-abortion groups oppose the criminalization of abortion patients. Experts have serious concerns about how gaps in privacy laws could potentially open clinicians and patients to legal action, but the issues discussed here are possible, not certain, consequences of Friday’s decision.


HIPAA in a post-Roe world

“People think HIPAA protects a lot more health information than it actually does,” said Kayte Spector-Bagdady, professor of bioethics and law at the University of Michigan.

It all comes down to state law. She said the federal secrecy rule contains exceptions that could allow prosecutors to compel companies to give up information relevant to a criminal investigation — and the same goes for other types of lawsuits.

“All that [a] provider could use to push back is to say, “I want to see a warrant” or “I want to see a subpoena,” said Carmel Shachar, executive director of the Petrie-Flom Center for Health Law Policy, Biotechnology, and Bioethics at the Harvard Law School.

While many laws restricting abortions have focused on providers, legal experts say some patients could also become vulnerable.

In states that ban abortion, the mere suspicion that a patient has had an abortion would be enough to allow law enforcement to search her medical records under the guise of identifying or locating a suspect, a said Isabelle Bibet-Kalinyak, member of the Brach Eichler cabinet. practice of health law. “They would still need to have probable cause,” she said.

There are situations where obtaining certain types of sensitive health information can be made more difficult for authorities to access – adding hurdles to jump through, without fully protecting the data. “You can say, OK, well, if law enforcement wants reproductive health medical records, they have to work with a federal prosecutor to get them,” Shachar said. “Maybe that would make it so difficult that state prosecutors would be reluctant to take those cases.”

She mentioned the higher standards in some states for releasing mental health records and HIV status, for example. But these are not currently in place for reproductive health care and would remain leaky.

“I think this is a wake-up call about the limitations of HIPAA,” said Adrian Gropper, chief technology officer of the Patient Privacy Rights Foundations. Although abortion is a highly partisan issue, he believes Democrats and Republicans could agree on the need for better patient privacy legislation.

For now, most health law experts see very little protection for patient privacy. Look at the history of HIPAA-related cases, Gropper said, and “you’ll find very few examples of enforcement actions for patient privacy breaches.”

The free flow of data in health care and the economy in general can also be used to directly discriminate against people based on their use of reproductive health services. If an employer has a certain position on abortion, you may be denied a job if they “used a predictive algorithm” to review data available to employers about your medical care, said Andrea Downing, president and co-founder. from The Light Collective, a non-profit that advocates for better protection of health data.

“Anything you do in healthcare, in our current state of (regulation), can be used against you,” she said.

Health data beyond HIPAA

In states where abortion is banned, patients need to think about more than their official medical records.

“If I was giving advice to my sister or my best friend, the first thing I would say is to be very careful about the data you generate in general,” Shachar said. “We think about medical records, but our phones collect an incredible amount of data. It’s not a good idea to text about your intention to have an abortion. It’s not a good idea to use a online payment application to purchase these services. You may want to leave your phone at home rather than bringing it to the clinic. You may not even want to search for abortion providers on your phone or computer.

Spector-Bagdady added that a large economy of health information is also beyond HIPAA’s control, allowing makers of period-tracking apps and other devices to share customer information with third parties in certain cases.

“Some of these (companies) have sold or shared fully identified information in the past with other companies such as Facebook,” she said. She noted a court case the state of California recently sued Glow, a company that makes menstrual cycle tracking software, for sharing reproductive health information outside of the app. But the breach in this case stemmed from more stringent data protection rules in California that aren’t in place in other states.

Additionally, neither HIPAA nor state consumer protection rules prohibit the disclosure of massive amounts of transmitted health information outside of medical settings – in retail stores, social media sites , online shopping accounts, SMS and elsewhere.

“The longer you are online, the greater your exposure,” said Eric Perakslis, health privacy and cybersecurity expert at Duke University. “You have your CVS account, your online patient portal, your email where appointment reminders are sent, your SMS feed on your phone. You can see how the threat is getting worse. It’s very difficult for people to think about that because they compartmentalize.

The impact of the decision will also create greater racial and economic disadvantages, as people with fewer resources cannot always afford to obtain services from providers offering greater privacy protections. strong, Perakslis said.

“People with less means could use the free clinic or Planned Parenthood, while the wealthy and well-insured go to the beautiful doctor’s office building,” he said. “The kind of data stands out more. People with less means are more exposed.

The Supreme Court, seen from the site of a protest on Friday, after the Court overturned Roe v. Wade. (AP Photo/Jacquelyn Martin) Jacquelyn Martin/AP

Crossing state lines for an abortion

One question that remains is what might happen if states try to ban their residents from going elsewhere in the United States to have an abortion.

The concurring opinion of Judge Brett Kavanaugh suggested that crossing state lines should not be prohibited. “He believes there is a constitutional right to travel interstate for an abortion,” said Harvard Law School professor I. Glenn Cohen. Cohen wasn’t sure other conservative justices had the same view.

“There’s something that seems very alarming about a state saying you can’t go outside my borders to get medical care,” Shachar said. “We have traditionally always had freedom of movement between states.” This became an issue during the pandemic, as states attempted to implement testing mandates for out-of-state travelers, but “ultimately the state didn’t really have great levers to demand that”.

Of course, interstate travel, if protected by law, “may be an option for some people, but not if you have a disability, or if you’re poor, or if you have an abusive partner who will beat you up.” he finds out,” Cohen said. .

Blurry difference between abortions and miscarriages

Another problem is that the same drugs that are used for chemical abortions are also used to treat miscarriages, to ensure that they are safely expelled from the body.

“In medical records, it’s going to be difficult to distinguish who is seeking an abortion and who is seeking care after having a miscarriage at home,” Shachar said.

“What worries me about the lack of confidentiality of medical records is that even if you are a provider who does not offer abortions, but you provide good care to your patients, some of whom miscarry, these medical records could be detectable and could be used in criminal cases against the provider.

While people have already been prosecuted for miscarriages in a number of states — for drug use during pregnancy, for example — experts warn that such cases could become more common. This is just one of the cases in which this Supreme Court decision may expose flaws in US health privacy laws and may make some patients afraid to see a doctor.

Leave a Comment