The Trade-Offs for Privacy in a Post-Dobbs Era
">
Michele Gomez remembers the exact moment when she realized the problem. It was the fall of 2022. Gomez (who, like me, is a family physician and abortion provider in California) had recently provided a virtual medication abortion to a patient from Texas. The patient had flown to her mom's house in California, where she had her appointment, took her mail-order medications, and passed the pregnancy. Back in Texas, she became concerned about some ongoing bleeding and went to the emergency room. The bleeding was self-limited; she required no significant medical interventions. Gomez learned all this the following morning. "I sat down at my computer and saw her note from the ER. And I thought, 'Oh God, if I can see their note, then they must be able to see my note"--a note that included prescriptions and instructions for the medication abortion. For weeks afterward, she waited for a call, fearing Texas law enforcement would come after her--or worse, after her patient.
Christine Henneberg is a practicing physician in California and the author of Boundless: An Abortion Doctor Becomes a Mother.
Christine HennebergA vast system of digital networks--called Health Information Exchanges, or HIEs--link patient data across thousands of health care providers around the country. With the click of a mouse, any doctor can access a patient's records from any other hospital or clinic where that patient has received care, as long as both offices are connected to the same HIE. In a country with no national health system and hundreds of different electronic medical record (EMR) platforms, the HIE undeniably promotes efficient, coordinated, high-quality medical care. But such interconnectivity comes with a major trade-off: privacy.
Patient privacy has always been a paramount value in abortion care, and the stakes have only gotten higher after the Dobbs decision. I am among many concerned abortion providers asking for swift action from EMR companies, who have the power to build technical solutions to protect our patients' digital health information. If these companies aren't willing to build such protections, then the law should force them to do so.
Although it's not spelled out in the Constitution, the Supreme Court has historically interpreted several amendments to imply a "right to privacy," most famously in the case of Roe v. Wade. By grounding the Roe decision in the 14th amendment's Due Process clause, the Supreme Court effectively wrapped a right to privacy around the female body and its capacity for pregnancy.
Over the 50 years following Roe, the internet came along, and then the electronic medical record and the HIE. Alongside this growing connectivity and portability, the federal government enacted a series of laws to protect health information, including the Privacy Act of 1974 and parts of the Health Information Portability and Accountability Act (HIPAA) of 1996. But HIPAA is not primarily a privacy law; its main purpose is to facilitate the transfer of health records for medical and billing purposes. Many patients don't realize that under HIPAA, doctors are permitted (though not always required) to share health information with other entities, including insurance companies, health authorities, and law enforcement.
HIPAA does include some privacy provisions to protect "sensitive" information. Certain substance use treatment records, for example, are visible only to designated providers. Law enforcement is prohibited from accessing those records without a court order or written consent. Access to abortion records can be similarly restricted, but with a technical catch: These restrictions apply only to certain data, called "visit-specific" information, such as the text of the doctor's note. Other data, called "patient-level" information--including ultrasound images, consent forms, and medications--remain discoverable. If, for example, a patient travels to California and is prescribed mifepristone and misoprostol--the standard regimen for medication abortion--those medications will appear in her record back in her home state. Any reasonable person can assume what happened at that visit, even without reading the note.
It appears that the people who built the EMR platforms never stopped to consider what would happen if the privacy of the pregnant body--the privacy once guaranteed by Roe--were to disappear overnight. As NYCLU lawyer Allie Bohm says, the HIE "was not designed for a world in which health care in one place is considered a crime in another place." In such a world, a patient's medical record becomes incriminating evidence. Under laws like Texas's SB 8, for example, anyone who "aids and abets" an abortion can be sued. Knowing this, a Texas ER doctor might refuse to treat a patient whose record reveals that she had an out-of-state abortion. That doctor, or any other member of the ER staff, might even feel compelled to report her to the police. "This is a thing we know has happened," says Bohm.
Gomez and Panna Lossy, both colleagues of mine, have convened a national working group of clinicians, lawyers, and administrators concerned about digital abortion privacy, whose members have met with EMR company representatives to ask for solutions. So far, the companies have been unwilling to build additional privacy settings, claiming it would be too difficult, or that these settings would be in violation of the CURES Act (which prohibits health care "information blocking"). Members of the working group fear the companies will never address the problem unless the law forces them to--which it might. Maryland recently passed a law requiring protection of patient health information across state lines. California is working on its own version of such legislation, thanks in part to pressure from working group members. A proposed federal regulation change to HIPAA is also on the table, which would prevent information pertaining to legal reproductive health care from being shared with law enforcement.
But laws like these, if they pass, will take years to go into effect. The current workarounds--like having patients sign a form to opt out of the HIE--are inadequate and inequitable. Some providers have resorted to using paper charts, or simply omitting abortion-related care from the EMR. Others are understandably reluctant to practice what one clinician called "underground medicine." This is the dilemma for abortion providers under Dobbs: to keep an electronic medical record is to compromise patient privacy. But to reject or evade the connectivity of the HIE is to slip "underground," out of the mainstream of American health care--exactly where anti-abortion activists want us to go.
Rather than wait for state or federal laws to force them to change, EMR companies could--and should--convene a post-Dobbs design team, led by patients, doctors, and legal experts, whose priority is to protect the privacy of the pregnant body. Ideally, they would hide all reproductive health data by default. On a more granular level, they could make it easier for patients to control their own privacy settings, allowing them to toggle a switch to hide pregnancy histories, obstetrical ultrasounds, medications, and test results. The technology for such solutions exists; EMR companies just need to utilize it.
Such a redesign would, of course, be a woefully inadequate replacement for the constitutional protection of pregnant persons' bodily autonomy and privacy. But since the Supreme Court has forsaken these protections, digital privacy is, at least for now, our best and only recourse.
WIRED Opinion publishes articles by outside contributors representing a wide range of viewpoints. Read more opinions here. Submit an op-ed at ideas@wired.com.
ideas@wired.com