Protecting abortion patients’ digital data in the post-Roe era

After the U.S. Supreme Court took away the federal right to abortion two years ago, telehealth has helped provide ongoing access, including to people in states where abortion is now banned. That was our subject Monday.

Now we are looking into apps that link patients with abortion providers. And digital privacy protections are far from equal across these services, explained Julie F. Kay, executive director at the Abortion Coalition for Telemedicine. The following is an edited transcript of her conversation with Marketplace’s Lily Jamali.

Julie F. Kay: Medication abortion is done by a combination of two pills, mifepristone and misoprostol. The two of them combined can be easily flagged as somebody is accessing them to have an abortion. So, if you’re doing a web search for “How do I get an abortion?” or “What is mifepristone?” there are so many more ways of surveilling people through digital means right now that there is that greater risk.

Lily Jamali: And law enforcement can be the entity that is doing that searching.

Kay: Yeah, we’ve seen that law enforcement can look into people’s social media accounts. We’ve also seen in situations of interpersonal violence, the angry ex-partner or the controlling partner who is looking at digital footprints. For example, there was a case in Texas where there was what we refer to as the angry ex-husband, who was looking through his wife’s texts, and saw her communication with some close friends who are assisting her in accessing medication abortion. And then he leveraged Texas’ law SB 8, which allows you to bring a civilian or a civil case against somebody who is seeking an abortion, whether you have a relationship with them or not.

Jamali: Are you hearing a lot of stories like that one?

Kay: We’re not hearing a lot of stories, but it doesn’t take many to really chill people’s conduct. So we’re hearing a lot of fear. We’re hearing a lot of concerns about legitimate threats, as well as overly vigilant concerns about period trackers and those kinds of things. And it really is the people who are in the most vulnerable positions who remain the most likely to have their digital privacy invaded. We’re not talking so much about mass sweeps, or that kind of “Handmaid’s Tale” surveillance yet, hopefully never. But we are looking at these individual situations of interpersonal violence, or in the case of a teenager whose mother was helping her access services and left sort of a trail on Facebook that was intercepted by state officials. So those kinds of more outlier, extreme or marginalized or disempowered folks, rather than a kind of government sweep of surveillance, is really what we’re seeing right now.

Jamali: I want to ask you about some reporting by Wired magazine, which looked at the top five most popular telehealth abortion apps. And it found that four of them actually shared patient telehealth information. What can patients do to be careful as they vet the many digital platforms that do provide medication abortions?

Kay: I don’t want the burden to be on patients to have to protect themselves. I think that we need, particularly companies and anyone who is providing abortion care, to be really knowledgeable and vigilant around technology and where the default is to not share. In general, medical systems in this country, and from very positive developments, their sharing of patient records so that when you travel from one provider to another, there’s some coordination. They can see what your overall care plan is. That falls flat when you’re looking at abortion services in areas where it’s banned or restricted. So we’re trying to get easier opt-out for the providers in states that are offering abortion services so that people’s medical records don’t become exposed when they’re traveling back to their home state where abortion may be banned or restricted.

Jamali: So was there any part of the reporting that you saw in Wired that surprised you in terms of how these different apps are not all created equal in terms of privacy protections?

Kay: I mean, I’m never surprised at people’s inability to protect their digital privacy. I mean, the web is set up to share and sell and exploit information, and that has its problems in the commercial space, but it really can create some very risky and damaging aspects of trying to access abortion care and for medical privacy. I can’t think of another area of medicine that is as stigmatized as abortion care. If you travel somewhere, your medical privacy gets exposed. [If] it was a colonoscopy, it may be embarrassing and may be something you don’t want to share, but it’s not criminalized. Even if somebody knows you’re accessing Viagra online, OK, not great, could be the subject of a few jokes or something. But that’s very different from if you’re in Arkansas and using telemedicine to get an abortion from a shield state provider, where it’s legal and safe. But that doesn’t mean that you’re not going to be targeted for harassment or stigmatized or those kinds of things. It’s never a crime for a woman or a pregnant person to take medication abortion anywhere in this country, wherever they are. It is a crime for somebody to hand you a pill in a state where it’s banned and those kinds of things.

And now we’re hearing even greater threats about travel and those kinds of things. So surveillance may not necessarily criminalize the patient, although we’ve seen prosecutors overreach and bring charges about sort of disposal of a corpse or all these kinds of exaggerated trying to charge a pregnant person for behavior during pregnancy. But that doesn’t constitute the same thing as criminalizing somebody for actually taking medication abortion themselves.

Jamali: Let’s talk a little bit more about these states with shield laws. There are seven of them as of now. And they protect the patient and out-of-state doctors from being penalized, which you mentioned. How do some of these state laws protect the digital data that could be used by law-enforcement agencies against both a patient and an out-of-state doctor?

Kay: So what the telemedicine abortion shield laws do is prevent the shield state from participating in an investigation of a provider of telemedicine who is licensed in the shield state and provides care to somebody in any of the other 49 states. And it also prevents that provider from being extradited. Criminal charges are filed against them from somebody in a ban state, they come to the shield state and say to the New York officials, “We want to extradite this provider.” New York says, “No, we’re not going to send them to Alabama to face criminal charges because what they did was legally protected activity within New York state.” So the person from Alabama says, “OK fine. I have a subpoena. Hand me over all the digital records as well as all whatever records you have.” And the state of New York says, “No, our shield law prevents us from honoring that subpoena, from participating in an investigation.” So there’s a great deal of protection in these laws for records and privacy sharing.

We’re looking at the enforcement of that against sort of the servers, the providers, the tech company who has that information, like they should not be handing over information from their databases and their servers if they’re in the shield states because the law prohibits participation in those investigations. These laws are incredibly new. We’re still sort of fleshing out what they look like and what can happen where. We’ve been working with some attorneys general in the shield states, who are very strongly defending these laws and protective of the services that they enable providers to provide to all 50 states. But we do need to have more conversations with people in the tech world who care and even with those who don’t care so much, because it is the law in these states. And the law is working. I mean, right now, telemedicine abortion shield law providers are serving up to 10,000 women a month in places where abortion has been put out of reach or banned or restricted. And so we’re looking at a real skyrocketing demand and a real need for people to become aware of this and that this is legal, safe and affordable abortion care for everybody who needs it.

Jamali: So in addition to these shield laws that are popping up in different states since the Dobbs decision, I wonder just on the digital privacy front, how do you see federal and state regulation evolving from here? Regulation that’s aimed at protecting consumers, but specifically those who are trying to seek abortions.

Kay: You know, I would say more protections, more recognition that abortion is special and different. This idea of criminalizing health care is one that we’re fighting and having to live with at the same time. So all of a sudden your medical records and your health care providers’ business records are not just about health care, they’re about health care that has been criminalized and that is fundamental to accessing your human rights to decide whether, when and with whom to have a child or not. So we’re not just talking about daily medical care, but really looking at this as protection of privacy rights, as something that is needed more than ever since the Supreme Court did away with the federal constitutional right to abortion, which was based in a concept of privacy that would have offered greater protection than where we are now, or it did offer greater protection than where we are now. So I think there’s a lot that the federal government can do as far as carving out exceptions for abortion when they are doing this medical-record sharing as sort of the default — not making it difficult for providers, whether they’re brick-and-mortar clinics or telemedicine, to opt out of sharing the patient information.

We should be making it easy for patients to say, “I don’t want this to go on my medical record,” just tick a box or just say, “Please do not share this.” We need to be bending over backwards to make sure these provisions are in place and that the onus is not put on the patient who is in the middle of navigating getting some pretty essential health care to then figure out all the ways to protect their digital privacy. And it’s not an easy time for that, by any means, and state surveillance is real. Before the dawn of the internet, and when Roe v. Wade was still the law of the land, we saw patient medical records being subpoenaed, being weaponized against providers through clinic regulations, through threats of harassment, of everything from taking pictures of license plates in parking lots of clinics to subpoenaing medical records to looking at abortion procedures that were done later in pregnancy and trying to criminalize that behavior as well. So it’s not new what’s happening, but the tools are new, and as with all things digital, they’re more effective than ever.

Stories You Might Like

States move to limit telehealth options for women seeking abortion pills

Telehealth widens access to abortion care as lawmakers restrict it

Abortion rights groups are mobilizing ahead of the 2022 midterm elections

Abortion access as an employee benefit?

Employers are adding abortion travel benefits, but many workers are still left out

With Roe overturned, tech companies will have to weigh big data questions