The second privacy concern is the potential use of health-care facility records to incriminate an institution or its clinicians for providing abortion services. Relevant records could include electronic health records, employee emails or paging information and mandatory reports to state agencies. Clinicians may not realize that if they are using an institutional email address or server, their institution likely has direct access to information and communications stored there, which can be used to search for violations. State Freedom of Information Act (FOIA) laws also allow citizens to request public records from employees of government hospitals and clinics.
“Additionally, state mandatory reporting laws for child abuse might be interpreted to cover abortions — particularly if life is defined as beginning at fertilization,” the authors note.
The third scenario is that information generated from a woman’s online activity could be used to show she sought an abortion or helped someone to do so. Many women use websites and apps that are not HIPAA-regulated or protected by patient-physician privilege, such as period-tracking apps used by millions of women that collect information on the timing of menstruation and sexual activity.
“There are many instances of internet service providers sharing user data with law enforcement, and prosecutors obtaining and using cellphone data in criminal prosecutions,” write Mello and Spector-Bagdady, adding commercially collected data are also frequently sold to or shared with third parties.
“Thus, pregnant persons may unwittingly create incriminating documentation that has scant legal protection and is useful for enforcing abortion restrictions,” they said.
The immediate problem, Mello notes, is in the states that have already banned abortion or passed restrictive laws.
“There could be a problem with states trying to reach outside their borders to prosecute people, but that could well be unconstitutional,” Mello said.
Some states’ laws sweep abortion pills into the definition of illegal abortions, she said, and there are legal obstacles to supplying the pills across state lines.
“There is a lot of energy going into figuring out a workaround right now, but it’s too soon to call,” Mello said.
So how can clinicians and health-care facilities protect their patients and themselves?
When counseling patients of childbearing age about reproductive health issues, clinicians should caution their patients about putting too much medical data online and refer them to expert organizations that will help them minimize their digital footprint.
When documenting reproductive health encounters, the authors said, clinicians should ask themselves: “What information needs to be in the medical record to assure safe, good-quality care, buttress our claim for reimbursement, or comply with clear legal directives?” For example, does information about why a patient may have experienced a miscarriage need to be recorded?
Patients and clinicians should be aware that email and texting may be seen by others, so conversations among staff about reproductive health issues may best be conducted by phone or in person.
Finally, if abortion-related patient information is sought by state law enforcement officials, a facility’s attorney should be consulted about asserting physician-patient privilege and determining whether the disclosure is mandated by law.