You are using an older browser version. Please use a supported version for the best MSN experience.

The Next Frontier of the Fight for Abortion Rights Is Privacy Law | Opinion

Newsweek logo Newsweek 7/27/2022 Thora Johnson, Kyle Kessler, Alyssa Wolfington
WASHINGTON - JANUARY 22: Local pro-choice activist Lisa King holds a sign in front of the U.S. Supreme Court as a pro-life activist holds a rose nearby during the annual "March for Life" event January 22, 2009 in Washington, DC. The event was to mark the anniversary of the 1973 Roe v Wade Supreme Court abortion ruling. © Alex Wong/Getty Images WASHINGTON - JANUARY 22: Local pro-choice activist Lisa King holds a sign in front of the U.S. Supreme Court as a pro-life activist holds a rose nearby during the annual "March for Life" event January 22, 2009 in Washington, DC. The event was to mark the anniversary of the 1973 Roe v Wade Supreme Court abortion ruling.

The Supreme Court ruling to overturn Roe v. Wade and the ensuing response from certain states have launched a national battle to protect the right to an abortion. Among others, a new front has emerged: the right to reproductive privacy.

The Dobbs decision overturning Roe has left many questioning whether their most sensitive information—information relating to their reproductive health care—will remain private. Dobbs set in motion a web of state laws which make having, providing, or aiding and abetting the provision of abortion a criminal offense, and many now fear that enforcing those laws will come down to data tracking. State agencies and private groups may be asked to turn over data from the health tech, ridesharing, and hospitality industries as part of their prosecution of these new crimes.


Under current privacy laws, they will be able to do so. Responsible businesses wanting to protect their customers' data will be in the crosshairs.

The government must act. Protecting reproductive freedom requires establishing a federal privacy law protecting information related to health care from being handed over to law enforcement unless absolutely necessary to avert substantial public harm.

Federal regulations such as HIPAA and state laws such as the CMIA (Confidentiality of Medical Information Act) generally prohibit the disclosure of health information to third parties. In reaction to Dobbs, the HHS issued guidance to clarify HIPAA's protections for reproductive health information. The guidance notes that companies subject to HIPAA are prohibited from sharing health information with law enforcement if it is not required by law, or the request is not accompanied by a court order.

Shortly after the May leak of the draft Dobbs decision, the California Attorney General called on companies to adopt robust privacy and security measures to protect reproductive health information.

Yet there are two major gaps: First, only certain health care providers and health plans are subject to these laws. For example, fitness apps that collect insights on an individual's exercise, eating, sleep, and fertility may fall outside these legal regimes, and ridesharing and hospitality companies may as well. Second, when it comes to a court ordered warrant, subpoena, or summons, even covered entities under HIPAA and the CMIA are not prevented from disclosing this sensitive health and location information.

This means that HIPAA and state laws like the CMIA are imperfect.

In response to Dobbs, President Biden issued an Executive Order directing the FTC to take steps to "protect consumer privacy when seeking information about and provision of reproductive health care services." The FTC also published a blog post explaining that the combination of location data and user generated health data creates unique privacy concerns and that companies should be careful not to make misleading statements about how data is disclosed and whether it is anonymized.

Still, the FTC's guidance does little to address the chilling effect of the potential disclosure of reproductive care to law enforcement.

Several senators have encouraged HHS to amend the regulations under the HIPAA Privacy Rule to prevent the disclosure of reproductive health information pursuant to law enforcement requests. Some legislators have come up with additional solutions, such as the Health and Location Data Protection Act, which would ban the sale or transfer of location or health data (such as search history) by data brokers.

While these actions are encouraging, we need new law, ideally at the federal level and applicable to all industries, that will eliminate an individual's fear that their use of reproductive healthcare services will be disclosed to law enforcement and used against them. Without it, this real and substantial fear erodes the patient-provider relationship and creates a barrier to care. The new law will also permit business to continue to innovate in the delivery of reproductive health services.

There are models for what's needed. We can look to the GDPR, Europe's privacy regime, and its safeguards around the disclosure of sensitive health information for law enforcement. Here in the U.S., federal law protects substance use disorder records from disclosure to law enforcement to not deter treatment. Disclosure of SUD records to law enforcement requires a court order granted only after a showing of good cause, which requires balancing public interest against injury to the patient, the patient-physician relationship, and treatment.

Something like this might work for reproductive healthcare services. But these measures are not sufficient. We need a federal privacy law to reinstate confidence in the confidentiality of the patient-provider relationship and the ability to freely seek reproductive health care services without retribution.

Thora Johnson is a partner with the law firm Orrick, where she practices in the health tech and privacy area with associates Kyle Kessler and Alyssa Wolfington.

The views expressed in this article are the writers' own.

Related Articles

Start your unlimited Newsweek trial


More from Newsweek

image beaconimage beaconimage beacon