Two Medical-Legal Experts Look at Patient Privacy Challenges Post-Roe

July 6, 2022
In light of the Supreme Court’s June 24 Dobbs v. Jackson Women’s Health Organization decision, two medical-legal experts look at privacy challenges facing clinicians and patients, post-Roe

A host of patient privacy concerns, especially around clinical documentation issues, has arisen, in light of the Dobbs V. Jackson Women’s Health Organization decision that the Supreme Court handed down on June 24. With the legal situation now dependent on the specific state involved, some patients, and their clinicians, are concerned that patient information could be used against those patients, and their providers, in certain situations. In that regard, a team of healthcare policy leaders authored an article published in the JAMA Health Forum online on June 30, guiding readers through some of the concerns and considerations involved.

In “Protecting the Privacy of Reproductive Health Information After the Fall of Roe v. Wade, Kayte Spector-Badady, J.D., and Michelle M. Mello, J.D., Ph.D., M.Phil, write that “The Supreme Court’s decision in Dobbs v Jackson’s Women’s Health Organization, eliminating federal protection for abortion rights recognized since 1973 in Roe v. Wade, will trigger the adoption and enforcement of numerous state laws banning or restricting abortion. The most pressing concerns for physicians and health care facilities are how to minimize these laws’ adverse effects on patients and provide quality reproductive health care within legal limits. Yet, another vital issue also merits attention: How can clinicians and facilities protect their patients—and themselves—from having reproductive health information used to incriminate them?”

According to her faculty profile, Spector-Badady is a professor in, and associate director at, the Center for Bioethics and Social Sciences in Medicine and an Assistant Professor of Obstetrics and Gynecology at the University of Michigan Medical School. At U-M she is also the Chair of the Research Ethics Committee, the ethicist on the Michigan Medicine Human Data and Biospecimen Release Committee, and a clinical ethicist. She teaches the Responsible Conduct of Research as well as Research Ethics and the Law. And according to her faculty profile, Mello is “a leading empirical health law scholar whose research is focused on understanding the effects of law and regulation on health care delivery and population health outcomes. She holds a joint appointment at the Stanford University School of Medicine in the Department of Medicine.” Further, “Mello is the author of more than 200 articles on medical liability, public health law, pharmaceuticals and vaccines, biomedical research ethics and governance, health information privacy, and other topics.”

Indeed, Spector-Badady and Mello write, “New abortion restrictions may clash with privacy protections for health information in 3 ways. And despite popular misconceptions about the breadth of the Privacy Rule of the Health Information Portability and Accountability Act (HIPAA) and other information privacy laws, current federal law provides little protection against these scenarios.”

The article’s authors see three main issues. “First,” they write, “using a patient’s medical records to support legal action against those seeking, obtaining, or abetting an abortion may be possible. HIPAA protects individually identifiable health information in electronic records controlled by a ‘covered entity’ (a clinician or facility, health plan, or health care clearinghouse) against disclosure without the patient’s authorization, but it contains notable exceptions. These include reporting child abuse or neglect to an ‘appropriate government authority’; responding to a court order, subpoena, or discovery request for information relating to a lawsuit; and giving information to law enforcement officials ‘as required by law.’ Thus, HIPAA does not bar compliance with child abuse or neglect reporting requirements, nor will it shield entities that defy investigative demands for information for law enforcement or other legal purposes.” Indeed, they write, a search warrant requires only “probably cause,” and could elicit such information.

Second, the article’s authors note that hospital and health system records could potentially be used “to incriminate an institution or its clinicians for providing abortion services. Relevant records could include electronic health records, employee emails or paging information, and mandatory reports to state agencies.” HIPAA will not protect patient care organizations in situations such as, for instance, if a state board of medical licensing investigates “whether a physician provided illegal abortions.”

And, they note, “A third concerning scenario is that information generated from a person’s online activity could be used to show that they sought an abortion or helped someone do so. Much reproductive health information is collected and shared through websites and apps that are not HIPAA-regulated or protected by physician-patient privilege, such as period tracking apps (used by millions of US women) that collect information on timing of menstruation and sexual activity5 and on reproductive health information construed from shopping data. There are many instances of internet service providers sharing user data with law enforcement6 and prosecutors obtaining and using cell phone data in criminal prosecutions. Commercially collected data are also frequently sold to or shared with third parties. Even putatively deidentified data often contain sufficient information to reidentify individuals or facilities when triangulated with other data.”

What advice can the authors, both healthcare attorneys, offer? First, they note that, “[W]hen counseling patients of childbearing age about reproductive health issues, clinicians should explain the risks of generating pregnancy-related information online. For tips on minimizing their digital footprint, patients can be referred to expert organizations. Clinicians also should not presume that more clinical documentation is always better for managing medicolegal risk. Recording less information may be more protective and prevent information from being used in unwanted ways—for example, not speculating about whether a miscarriage was spontaneous when a patient presents in the emergency department with vaginal bleeding.” They also urge clinicians to think very carefully about how and when they use email and send text messages, avoiding “word choices that could be construed as evidence of illegal activity,” and consulting legal counsel if state law enforcement officials seek any kind of abortion-related information or documents from them, and actively asserting physician-patient privilege whenever necessary, with physicians better positioned to assert it than patients.

“Ultimately,” they write, “broader information privacy laws are needed to fully protect patients and clinicians and facilities providing abortion services. California recently expanded protections for commercially collected personal information and has been enforcing protections related to reproductive health data. Comprehensive federal digital privacy legislation is reportedly inching closer to bipartisan agreement in the Congress. As states splinter on abortion rights after the Dobbs Supreme Court decision, the stakes for providing robust federal protection for reproductive health information have never been higher.”

Sponsored Recommendations

The Healthcare Provider's Guide to Accelerating Clinician Onboarding

Improve clinician satisfaction and productivity to enhance patient care

ASK THE EXPERT: ServiceNow’s Erin Smithouser on what C-suite healthcare executives need to know about artificial intelligence

Generative artificial intelligence, also known as GenAI, learns from vast amounts of existing data and large language models to help healthcare organizations improve hospital ...

TEST: Ask the Expert: Is Your Patients' Understanding Putting You at Risk?

Effective health literacy in healthcare is essential for ensuring informed consent, reducing medical malpractice risks, and enhancing patient-provider communication. Unfortunately...

From Strategy to Action: The Power of Enterprise Value-Based Care

Ever wonder why your meticulously planned value-based care model hasn't moved beyond the concept stage? You're not alone! Transition from theory to practice with enterprise value...