Reproductive health care and data privacy: What we know, what we don't, and how to protect yourself
Reproductive health care and data privacy: What we know, what we don't, and how to protect yourself
Directly after the Supreme Court's reversal of Roe v. Wade, there was an almost immediate call for people who menstruate to delete their period-tracking apps because of the possibility governments could leverage the data against those who seek an abortion. The conversation surrounding that concern was at the forefront of news coverage for several weeks before eventually petering out. However, that doesn't mean concerns about data privacy regarding protecting access to reproductive health care have been put to rest.
Because data privacy and reproductive rights are convoluted and subject to change, it's challenging to keep up with what is safe and legal, and what isn't. In light of this, Stacker investigated how data privacy and access to reproductive health care intersect using various news sources and consulting the Electronic Frontier Foundation's senior legislative activist, Hayley Tsukayama.
What we know
Very little information about reproductive health care has protection from being solicited or subpoenaed as evidence to prosecute an individual in a court of law. Even information held by a health care provider, which the Health Insurance Portability and Accountability Act of 1996 (known as HIPPA) typically covers, can be subpoenaed if a judge deems it necessary for a case.
Some states, including California and Connecticut, have proposed laws to strengthen HIPPA protections and safeguard individuals who may travel from out of state to receive an abortion or other reproductive care. However, these laws aren't guaranteed, as Tsukayama illustrated with a hypothetical.
"If I'm a Missouri resident, I see my doctor in Missouri. [Then] I go to California for an abortion, and they put that in the system. My Missouri doctor could see it because they're still a covered entity. So it could be within the same medical record system. And if they were motivated to, they could report it. And we know of cases where medical providers have been the ones who've reported people for seeking reproductive care."
The Biden administration has also made moves to protect reproductive care information at the federal level. On April 12, 2023, during the Task Force on Reproductive Healthcare Access' third meeting, the White House announced several actions to protect patient privacy, including strengthening HIPPA privacy protections, helping protect student health information under the Family Educational Rights and Privacy Act, and issuing new guidance about how to handle electronic medical records. However, these measures are severely limited unless Congress codifies such protections by law.
Despite these efforts, police are already prosecuting people for receiving or helping someone else obtain an abortion based on unprotected data. Nebraska police charged a woman with helping her daughter receive an abortion after her Facebook messages were obtained from Meta and used as evidence. Police in Mississippi charged another woman with illegally receiving an abortion after her Google search history revealed she had looked up how to "buy Misoprostol Abortion Pill Online" 10 days prior.
On a broader scale, an investigation by ProPublica revealed online pharmacies sell data to Google and other third parties, opening the door for law enforcement to access that data.
What we don't know
Question marks and unknowns riddle the intersection of reproductive health care and data privacy. The current trend of various states moving to opposite sides of the reproductive rights spectrum will likely continue, according to Tsukayama, where conservative states like Texas ban abortions while more liberal states like California safeguard them. When asked about the likelihood of federal protections, Tsukayama painted an uncertain picture.
"Reproductive health care and abortions are a very divisive topic, so in the current Congress, I don't really know what the chances are of getting federal protection of some kind. This is maybe my bias being a person who looks at state legislatures far more than federal legislatures, but I think we're much more likely to see [regulations], protective and not, pass at the state level and to see that divide."
In addition to questions surrounding the movement of legislation, there are very few resources to determine how different companies protect their users' data. No matter what, all private entities are required to comply with legal investigations.
Many law enforcement processes are opaque, Tsukayama said, and it is unclear how often prosecutors will use social media and search history data and how aggressive police forces and other government entities will be in enforcing abortion regulations.
"There are a lot of laws on the books that aren't enforced that strongly. And obviously, there was a lot of political will to get some of these things passed," Tsukayama explained. "But it really is so up in the air: how aggressive the different states are going to be, how aggressive different counties are going to be. Is it just going to be a couple of counties with really aggressive law enforcement? Is it going to be a state priority?"
Beyond these questions targeted specifically at reproductive care, Tsukayama also mentioned that whatever happens with abortion rights sets a precedent for regulating other medically involved issues, such as gender-affirming care. Many states have passed or are attempting to pass bills restricting gender-affirming care—Tsukayama said this is an issue to watch.
How to protect yourself
In general, assume your information is not protected, Tsukayama recommended.
"It's really up to company policies to decide how they're going to sell or share information, how they're going to safeguard information. And they're also open to law enforcement," she continued. "There's just a lot of ways that data can tell a story and a lot of ways that it gets out and gets shared."
Overall, protecting your data privacy guards your reproductive rights. Familiarize yourself with protection guidance from organizations like EFF and the Digital Defense Fund. Read the privacy policies of services like period-tracking apps and online reproductive health care clinics. And look into privacy reviews of online services, like Wired's review of period-tracking apps, to help guide your use.
Additionally, if you want to become involved on a more systemic level, legal advocacy groups like If/When/How—which is co-sponsoring some of the same legislation as digital privacy groups—strive to provide resources to those who are being prosecuted for receiving reproductive care.
"There are people thinking about [protecting reproductive rights through data privacy] and they're on your side," Tsukayama said.
Story editing by Brian Budzynski. Copy editing by Kristen Wegrzyn.