A journalist reports near a crowd of abortion-rights activists in front of the U.S. Supreme Court after the Court announced a ruling within the Dobbs v Jackson Women’s Health Organization case on June 24, 2022 in Washington, DC.
Nathan Howard | Getty Images
The Supreme Court’s decision to overturn Roe v. Wade last month raised concerns that data collected by tech firms and clinics could possibly be used to criminally charge individuals who seek abortions or experience pregnancy loss.
Although the federal law often known as the Health Insurance Portability and Accountability Act, or HIPAA, protects patient privacy, health-care providers can still be compelled to reveal patient data under special circumstances, equivalent to a subpoena or a court order.
There’s also plenty of information that buyers generate of their on a regular basis lives that may not be considered subject to HIPAA and could possibly be used as evidence in court against individuals who allegedly sought abortions that violate state laws or against their providers. Legal experts note that search history, text messages, location data, and period-tracker apps could all potentially be utilized in court and in some cases have already got been.
While some technology firms, equivalent to Google and the menstrual-cycle tracking app Flo, have announced steps to higher protect their users’ reproductive health-related data, the safety of consumers’ data largely stays on the whims of the services they use within the absence of federal digital privacy law.
Still, some states, including California and Illinois, have already got digital privacy laws that will help secure consumer data more generally. Additional state-level proposals aim to guard reproductive health data particularly, equivalent to Connecticut’s Reproductive Freedom Defense Act. That bill could help fill in some gaps in HIPAA while legislators in Congress proceed to push for national privacy protections.
Here is an summary of some current laws and proposals that might protect the knowledge of pregnant people each on and off the web.
Health Insurance Portability and Accountability Act (HIPAA)
What it does: HIPAA is a federal patient privacy law passed in 1996 that prohibits health-care providers and insurers from disclosing patient information. It’s overseen by the Office for Civil Rights throughout the Department of Health and Human Services.
Generally, HIPAA doesn’t allow abortion clinics or health-care providers to disclose to law enforcement officials whether an individual has had an abortion. If the state law prohibits abortion but doesn’t “expressly require” people to report it, an abortion clinic that reports patient information to others could be in violation of HIPAA.
What information is not protected under HIPAA: HIPAA cannot resolve all privacy concerns related to reproductive rights. In accordance with recent guidance published by HHS, the law allows an abortion clinic to reveal who received an abortion in response to a court order or summons, which could turn into much more common within the post-Roe era.
HIPAA only applies to certain varieties of businesses and professionals. It could possibly regulate only health insurers, health-care providers, data clearinghouses and business associates.
HIPAA cannot protect some patient information gathered by anti-abortion organizations, equivalent to so-called crisis pregnancy centers, that try to attract and redirect abortion-seekers. There are about 2,500 centers across the nation, based on Crisis Pregnancy Center Map, a project led by academics on the University of Georgia.
What it might do: The My Body, My Data Act is a federal privacy proposal that targets firms that collect reproductive health information. It might require firms to get user consent before collecting, retaining or disclosing reproductive health data unless the info is “strictly needed” to offer a service or product the user has requested. It might also require firms to delete users’ information upon request. The Federal Trade Commission would have the facility to implement the regulations.
What gaps it might fill: While HIPAA mainly covers health-care providers, this bill focuses on regulating technology firms and apps that collect reproductive health data.
Rep. Sara Jacobs, D-Calif., a co-sponsor of the bill, told The Washington Post that because it stands, without such a law, it’s possible for “a right-wing nonprofit organization [to] buy all of this data from the varied period-tracking apps” and pinpoint every user “who ought to be pregnant without delay but shouldn’t be.”
How likely is it to pass? Jacobs looked as if it would concede in her interview with the Post that the bill is unlikely to turn into federal law, given the Republican opposition to expanding abortion protections. But, she said, the federal bill could encourage and be a model for state-level actions.
What it might do: This federal bill, introduced by Sen. Elizabeth Warren, D-Mass., and other Democrats in June, would ban data brokers from selling location and health-care data.
The bill would give the FTC power to implement the standards around selling health and site information. It might also give state attorneys general and individuals the facility to sue over alleged violations. The bill also guarantees $1 billion in funding to the FTC over the subsequent decade to perform its work, including the enforcement of this law.
What gaps it might fill: While the My Body, My Data Act mainly deals with the gathering of health data, Warren’s bill focuses on regulating the sale of location data. The proposal got here after Vice reported that data brokers equivalent to SafeGraph were selling location data of people that visited abortion clinics.
How likely is it to pass? The bill would likely need some Republicans on board to have a likelihood at passing, which is a tall order given the party’s general opposition to expanding abortion protections.
Pennsylvania’s Protection of Pregnant Individuals’ Information Act
What it might do: This bill, introduced in May by Democratic state Rep. Mary Jo Daley, would prohibit so-called crisis pregnancy centers from disclosing nonpublic health information they’ve collected without explicit authorization.
What gaps it might fill: Recent reports have highlighted the info risks involved in visiting a crisis pregnancy center. Some pregnant people looking for abortions do not understand the centers may not offer abortion services and as an alternative attempt to dissuade visitors from ending their pregnancies.
Federal lawmakers have called on Google to make it clearer to consumers that such centers, which regularly have web sites designed to appear to be those of abortion clinics, don’t offer abortions. Since these centers are sometimes not licensed medical providers and offer free services, they aren’t sure to federal health privacy laws, Time reported, based on conversations with privacy lawyers.
The Pennsylvania bill could make it harder for these anti-abortion centers to reveal information that otherwise falls on this unprotected area.
How effective wouldn’t it be? The bill still allows clinics to reveal nonpublic health information without authorization if the clinic is required to comply with national, state or local laws, or a court order or investigation. This might potentially undermine the effectiveness of the protections.
Sanctuary state laws and proposals
What they’d do: Some of these bills, passed or introduced in several Democratic stronghold states, would make it easier for pregnant people looking for abortions outside of their very own states to achieve this by safeguarding their information inside so-called sanctuary states. Meaning if an individual in Texas seeks a legal abortion in Connecticut, for instance, it could possibly be harder for Texas authorities to acquire information on that procedure.
The laws differs barely from state to state. Generally, all these bills seek to stop certain agencies or providers of their states from having handy over sensitive reproductive health information to a different state looking for to prosecute an alleged abortion under its own laws.
Which states have them: Two such proposals which have already been signed into law by Democratic governors are Connecticut’s Reproductive Freedom Defense Act and Latest Jersey’s Assembly Bill 3975 / Senate Bill 2633.
What gaps they’d fill: As of July 7, nine states have already outlawed abortion, and 4 states may soon pass laws to ban abortion, based on Politico. Many individuals in these states may decide to receive abortion services in protected harbor states equivalent to Connecticut while still facing legal risks of their home states.
Meaning the sort of laws could shield travelers from states which have outlawed abortion from liability for receiving such services in a state that has legal abortion services and safeguard laws.
How effective they’d be? While these laws will protect information on legal procedures that occur within the states where they exist, patients who live in states with restrictive abortion laws will still should be mindful of where else their medical records could also be held.
“Imagine that you simply are in Alabama, and also you come to Connecticut and get an abortion, and then you definitely go see every other doctor in Alabama. We’re increasingly in a world where your medical record may sort of follow you back to Alabama,” Carly Zubrzycki, a health law professor on the University of Connecticut School of Law, told the Verge.
Also, among the measures include certain exceptions that might allow information to be handed over. For instance, Latest Jersey’s law allows exceptions under valid court orders or in cases where child or elder abuse is suspected in good faith. But within the latter case, it says reproductive health-care services which can be legal in Latest Jersey mustn’t be considered abuse.
WATCH: Bipartisan lawmakers debate recent framework for privacy laws