The Biden-Harris administration announced new actions aimed at protecting the reproductive data of women in the US, deemed necessary by many privacy advocates since the landmark overturning of Roe vs. Wade last summer.
The Task Force on Reproductive Healthcare Access met with lawmakers on Capitol Hill to discuss at least half a dozen proposed actions.
When it comes to the security of women's electronic health records, the new proposed privacy safeguards will prevent law enforcement from obtaining the data and then using it to investigate or prosecute individuals for seeking, facilitating, or having abortions.
The rule, intended to strengthen the US Health Insurance Portability and Accountability Act (HIPAA), would also protect healthcare providers, insurers, and other healthcare entities who perform or pay for abortions.
HIPAA privacy safeguards is a federal law and applies to all individual healthcare providers, healthcare facilities, and organizations, including health insurance companies.
One senior administrator said the White House had been hearing directly from patients and privacy advocates on how the lack of data protections have been negatively influencing women seeking medical help.
"They're scared. They are concerned about their medical information being misused and disclosed," the official said.
Under current HIPAA rules, “the disclosure of protected health information to law enforcement officials under certain circumstances including complying with court orders, warrants, subpoena, or for the purposes of identifying or locating suspects and fugitives” is allowed but not required.
The new rule would create an exception to exclude reproductive data from these HIPAA regulations to include, "A criminal, civil, or administrative investigation into or proceeding against any person in connection with seeking, obtaining, providing, or facilitating reproductive health care that is lawful under the circumstances in which it is provided," the HHS states.
Under the new rule "the identification of any person for the purpose of initiating such an investigation or proceeding" is also prohibited.
According to the HHS, the rule will also strengthen patient-provider confidentiality and help health care providers give complete and accurate information to patients.
The HHS also states that patients have the right to ask that their electronic health information generally not be disclosed by their physician, hospital, or other health care provider—including to other health care providers.
The Federal Trade Commission (FTC) joined the initiative and committed to “enforcing the law against illegal use and sharing of highly sensitive data, including information related to reproductive health care.”
The proposal will extend to any type of mobile tool or website offered by or on behalf of a covered entity, such as a doctors office, hospital or health plan.
For example, websites and apps that use tools such as “cookies” can no longer be used to track online activity and information that may reveal private reproductive and sexual health information.
Unfortunately, HIPAA Rules do not protect the privacy or security of health information when it is accessed through or stored on a personal cell phone or tablet.
That means any reproductive app – such as a menstrual or fertility tracker – downloaded to a personal device is not required to protect and secure the information an individual personally enters into the app.
Last May, over forty US lawmakers, called on Google to reform their data collection and retention practices in the lead-up to the Supreme Court ruling; fearful personal data could be used to identify and prosecute people seeking abortions.
The rise of femtech apps in the past few years among Western women has also raised concerns about the privacy of the data these apps collect.
Research shows almost 90% of these femtech apps allow behavioral tracking and share data with third parties, while 60% track a uses location.
The proposed bill, My Body My Data Act, was introduced by lawmakers last year to limit the amount of reproductive data collected and stored from an app, but has not yet been passed.
This information can include personally identifiable information (PII), such as name, age, location, and email address, combined with a person’s health details, birth control use, menstrual cycle notes, reproductive treatments, doctors appointments, etc.
The HHS has provided instructions on how to help secure health data in personal devices.
Since the June 24, 2022 Supreme Court decision to roll back Roe vs. Wade, a dozen states have banned abortions, causing thousands of women to travel to other states seeking the medical procedure.
And, at least a dozen other states are in the process of, or are expected to enact similar restrictions on abortion over the coming months.
The proposed rules come on the heels of last week's decision in a Texas court to suspend the US Food and Drug Administration's (FDA) approved abortion-inducing drug, mifepristone, which has been on the market for over 20 years.
The new rules are set to be finalized after a 60-day public comment period.
Your email address will not be published. Required fields are markedmarked