Patient Privacy in The Post Roe Era
Zulay Valencia Diaz
Associate Editor
Loyola University Chicago School of Law, JD 2024
On June 24, 2022, the Supreme Court finally handed down its long-awaited opinion in Dobbs v. Jackson Women’s Health Organization. In this decision, the Court set aside nearly 50 years of precedent and unequivocally overruled Roe v. Wade, declaring that there is no Constitutional right to abortion. This decision will unsurprisingly change laws and significantly impact millions of people across the country. Although pro-choice activists have been bracing for this outcome and mobilizing to maintain access to abortions, they have to contend with a consideration that did not exist to the same magnitude the last time that abortion was illegal in the US: anti-abortion laws’ impact on data privacy.
Impact of data privacy on abortion
A number of states have already made abortion illegal, and some have even made seeking an abortion a felony. This has sparked fears that things like medical records, internet searches and text messages will be used to prosecute both abortion providers and pregnant people. There is also uncertainty regarding what the Dobbs decision means for the Health Insurance Portability and Accountability Act (HIPAA) and other laws dealing with health privacy.
This is not an unfounded fear. Even when Roe and Planned Parenthood of Southeastern Pa v. Casey were the law of the land, there were of law enforcement using text conversations and Internet history to prosecute people for allegedly getting abortions. In one case, a woman in Indiana was initially sentenced to twenty years in prison for feticide after she went to the emergency room when she miscarried. Prosecutors used text messages between her and a friend to show that she had been searching for abortion pills to induce her miscarriage. In another instance, a woman in Mississippi was charged with second degree murder after giving birth to a stillborn. The prosecution presented her Internet search history, in which she had looked up abortion medication, to establish that the stillbirth was a result of her attempted abortion. Although these two women were ultimately freed, there is a strong concern that in a post Roe world, where abortion is no longer a Constitutionally recognized right, people will be incarcerated with the aid of their personal data.
Furthermore, data privacy experts have acknowledged that states seeking to criminally penalize abortions could, and probably will, rely on the personal data collected by tech companies to build their cases. They believe that this will apply not only to abortion providers, but to pregnant people as well. Many people worry that prosecutors will try to use the data collected by period tracking apps. However, data privacy experts believe that that internet searches, social media posts and geolocation are more likely to be vulnerable. For this reason, data privacy organizations, the government and tech companies themselves have tried to develop and release information about how this can be combatted.
How can we protect user data?
On June 29, 2022, the U.S. Department of Health &Human Services (HHS) issued guidance on how patient privacy can be protected now that Roe has been overturned. It has clarified what and when patient information can be requested and released by third parties. It has also declared that the HHS Office of Civil Rights will make it a priority to prosecute entities who violate patient privacy in the wake of the Dobbs decision.
Moreover, the Electronic Frontier Foundation (EFF) released an article in which it detailed several ways that tech companies can go about protecting their users data. For example, it suggested that apps and other tech companies allow users to access their products pseudonymously, so that even the companies wouldn’t know who these users are. The rationale is that if they do not know who the users are, they cannot release information about them. Additionally, they could routinely erase user data that is not essential so that, if subpoenaed, they could not produce it. Lastly, tech giants like Google could use their vast resources to fight or delay turning over data, making low funded municipal prosecutors justify expending their resources.
Although it is unclear whether any of these tactics would work individually, data privacy advocates feel that if used together, patients’ data privacy would remain largely protected. It has been less than three months since Roe was overruled but already the ramifications of not having a Constitutional protection for abortion are being felt. Social media and the news are filled with stories of people being unable to get abortions, or having to wait until they are in mortal danger before hospitals will allow doctors to perform the life-saving procedure.
If private companies and the federal government are truly as committed to safeguarding abortion access as they claim to be, it is imperative that they help implement data privacy experts’ suggestions immediately. On the eve of more anti-abortion supporters potential election to office, this might be one of the few large-scale ways of ensuring that people seeking abortions are protected from future prosecutions or government harassment for making this deeply personal choice. Failing to give people concrete assurances that their personal data will not be weaponized against them might lead to disastrous consequences.