How the Dobbs abortion ruling reshaped America’s privacy debate, from health to politics and law – Grid
:quality(100)/cloudfront-us-east-1.images.arcpublishing.com/thesummit/IO23CUQN55FOZFQKS5IGINNKOM.jpg)
The Dobbs ruling inadvertently highlighted how much technology has changed healthcare in the 50 years Roe v. Wade was the law of the land.
Once, handwritten notes from a doctor were often the only record of a person’s abortion. Now, the process of seeking and obtaining the procedure leaves a long digital trail — search histories, fertility tracking apps, text messages, location data and electronic health records — that can potentially be mined by law enforcement.
That is already happening, as illustrated by the case of the mother and daughter in Nebraska whose Facebook messages were obtained by law enforcement.
“Roe was doing a lot of work to prevent states from getting too aggressive about prosecuting either providers of abortion services or people seeking abortion care,” said Carmel Shachar, executive director of the Petrie-Flom Center for Health Law Policy, Biotechnology and Bioethics at Harvard Law School. “Dobbs took away those protections for both groups, and lack of data privacy opens them up to criminal prosecution and civil liability.”
The magnitude of the change shocked many people in the weeks after a draft version of the Dobbs verdict leaked in May, as concerns mounted about the vulnerability created by use of everyday technology like cellphones and social media.
People often view the Health Insurance Portability and Accountability Act, or HIPAA, as a privacy shield around medical information, Schachar said. But it is a narrow law with lots of exceptions.
“HIPAA is the way we protect data in your medical record that is compiled by traditional healthcare providers,” Shachar said, including clinicians, hospitals and entities that facilitate insurance coverage. That information, which might include individually identifiable diagnoses, procedures or prescription history, normally cannot be shared without the patient’s consent.
But that protection evaporates when law enforcement is looking for evidence of a crime, which now includes abortion in many states. If presented with a subpoena or warrant, healthcare providers are permitted, but not required, to share information that would otherwise be protected under HIPAA.
“This exception doesn’t require providers to be proactive,” Shachar said, meaning they could decline to share patient information, although this could open them up to subsequent legal action. The Department of Health and Human Services recently issued guidance clarifying the conditions under which providers are allowed to disclose information, but there’s still a lot of gray area.
Apps, search histories and more
That gray area includes the extensive health-related information available through data brokers who are not governed by HIPAA and can and do sell data to law enforcement.
Modern life generates enormous quantities of digital detritus — old text messages, location history, past purchases, data from wearable devices — that can be reconstructed by law enforcement to show someone sought abortion care.
“HIPAA doesn’t reach this whole other world of data that says a lot about your health, but isn’t found in a traditional medical record,” Shachar said.
Fertility apps that track menstrual cycles have received lots of attention in the wake of Dobbs, since they store data obviously relevant to reproduction. “These apps contain information about the dates of your periods,” which could be used to date when someone became pregnant, said Fowler of the University of Houston Law Center. “If someone were looking for evidence that an abortion was outside of the legal window, they could look at whether or not the last menstrual period was indicated in that range in that app.”
But privacy worries extend far beyond information stored in a single app.
“We live in a world where so much of our lives are connected digitally, we leave vast trails in our wake,” Fowler said. Changes in purchasing patterns might suggest a pregnancy, while Google searches for abortion clinics or how to obtain abortion pills might signal intent. Programs as seemingly innocuous as weather apps or games often track user location and could be used to show proximity to an abortion clinic, she said: “Even if any bit of that information doesn’t reveal anything specific, taken as a whole, it can reveal quite a bit.”
Data brokers can purchase these data from multiple sources, aggregate them and sell the bundled information to anyone willing to pay for it. “Data from people who are pregnant, or trying to be, are potentially 15 times more valuable [to advertisers],” Fowler said, and there are no privacy protections around these data in the face of a court order. An online privacy company, DeleteMe, reports that 80 data brokers might track a typical individual in a year. Some democratic senators have introduced legislation to ban data brokers from selling health- and location-related data, though the industry remains resistant.
Before Dobbs, digital data was already, on rare occasions, being used to prosecute people in anti-abortion states. In 2017, prosecutors used phone internet search data about abortion pills to successfully argue that Latice Fisher, a Mississippi woman, had murdered her fetus. Post-Dobbs, abortion care advocates argue such tactics could become more widespread.
In the absence of broader policy changes, it falls on individuals to protect their privacy. But that’s a lot to ask of people in such a tech-dependent world, Fowler said. “If it really comes down to telling people that the only option that we have is to get off the grid, we have an enormous policy failure that we have to grapple with.”