Paubox blog: HIPAA compliant email made easy

Reproductive health data isn’t always protected under HIPAA

Written by Abby Grifno | April 13, 2023

While the U.S. Department of Health & Human Services is proposing new measures to protect patient-provider confidentiality in healthcare, reproductive health apps remain largely unprotected. 

 

What happened:

After Roe v. Wade was overturned in 2022, more attention is being paid to reproductive healthcare apps. Popular apps that track period cycles, predict fertility windows, and understand reproductive health-related symptoms are not protected under HIPAA. Apps are in the limelight as they may now be used as a tool to enforce abortion ban laws.  

With many states enacting bans on abortion, legislators are struggling to help patient-provider confidentiality laws keep up. 

 

Why it matters:

Data entered into these apps, or messages sent to healthcare providers within them, can legally be sold to 3rd parties or used in legal investigations where states have banned abortion. 

Currently, reproductive healthcare apps are required to provide data if it is for a legal investigation. With 13 states having a full ban on abortion and more expecting to follow suit, authorities may request data in an attempt to prosecute or prevent abortions.  

According to Albert Fox Cahn, founder of the Surveillance Technology Oversight Project, there are no safeguards to prevent police from “weaponiz[ing] this data.” 

 

Driving the news:

Some reproductive health apps are responding to the Dobbs ruling by providing an anonymous mode, where users do not have to provide their personal information in order to use their period-tracking tools. Programs like these make it easier for apps to remain neutral as authorities attempt to prevent abortions in states where they are illegal.  

Furthermore, the U.S. Department of Health & Human Services (HHS) hopes to strengthen patient-provider confidentiality. If their proposal goes through, prosecutors will no longer be able to use protected health information in investigations, which includes abortion care. 

Read more:  HHS seeks to strengthen HIPAA Privacy Rule for reproductive health care

Even though HHS is proposing new confidentiality measures, their proposal doesn’t include reproductive healthcare through apps. 

States like California and Washington are making efforts to protect reproductive data by introducing bills that apply confidentiality laws to digital information, but the bills have yet to pass.   

 

In the know:

Most apps require users to agree to their terms of service before allowing data to be inputted into the system. Terms of service include a notification that data may be sent to authorities when required by law. Apps like Flo also promise to not sell to 3rd parties for marketing purposes. Without HIPAA regulation, their stance could change at any moment. 

Data can also be sold or sent to law enforcement retroactively, as many apps keep tracking reproductive cycles even if the user isn’t regularly inputting data. According to Hayley Tsukayama, Senior Legislative Activity at the Electronic Frontier Foundation, between 2018 and 2020, “Google alone received more than 5,700 reverse warrant demands from states that now have anti-abortion and anti-LGBTQ legislation on the books.”

Users wishing to delete their data will have to remove their accounts and request that their personal information be erased by contacting the app directly.

 

The bottom line

HIPAA doesn’t currently apply to reproductive apps that track menstrual cycles. Still, developments are rapidly occurring as lawmakers decide how to respond. Many apps are taking a proactive approach to protecting data and providing patient-provider confidentiality. 

RelatedHIPAA Complaint Email: The Definitive Guide