Reproductive health care faces legal and surveillance challenges post-Roe – new research offers guidance

Long before Roe v. Wade was overturned, reproductive justice advocates had been sounding the alarm about the increasing number of women subjected to criminal investigation for suspected abortion, stillbirth or miscarriage. These cases were often initiated by health care providers and bolstered by state laws used to prosecute women for having abortions.

Newer laws, however, incentivize people outside of health care, including friends and family members, to report someone they suspect of having an abortion or helping someone else with an abortion. Coupled with the unprecedented access that authorities now have to digital information, these laws create new avenues for prosecution.

In the post-Roe era, people capable of pregnancy face growing threats. Health care providers, family, friends, information on personal devices and virtually any activity that can be observed or recorded pose privacy risks that can lead to prosecution. I study online privacy. This vast scope for potential surveillance and privacy intrusion is a key focus of the research my colleagues and I conduct.

In a recent paper, we surveyed reproductive health care providers about their privacy and security practices. We used the results to map the path of a hypothetical “Jane” to illustrate how people can identify privacy risks in their own situations. This choose-your-adventure approach helps readers navigate the potential legal, digital and personal challenges involved in accessing reproductive health care – and reveals the grim stakes.

Privacy protections

Historically, health care providers who opposed abortion have been the primary sources for reporting patients suspected of seeking abortions. While they remain a significant threat, additional risks to patient privacy have emerged. For example, state laws increasingly compel providers to hand over medical records.

This circumvents new Health Insurance Portability and Accountability Act protections meant to shield protected reproductive health information from use in investigations when people seek abortions in states where the procedure is legal. Authorities might also be able to access records across state lines where abortion is legal – for example, when different electronic health record systems can share data.

It is also possible that, in the future, electronic health records could be seized across state lines. Last year, in a letter to the U.S. Department of Health and Human Services, 19 state attorneys general protested the new federal data privacy rules. Texas followed up with a lawsuit against the Biden administration over the rule.

Even so-called shield laws adopted by some states meant to protect people seeking abortions from record seizures have loopholes.

Privacy vulnerabilities

Despite some protections offered by the Health Insurance Portability and Accountability Act, additional gaps in safeguarding reproductive health information persist. Data captured outside medical portals, such as from apps or pharmacy transactions, often falls outside the federal law’s scope.

It’s important to note that apps that capture consumer reproductive health data, like period trackers, do not necessarily pose a greater risk than informants. But the dystopian potential of governments reaching into personal intimate data, and the simplicity of the remedy – deleting an app – draw disproportionate attention.

While it’s not entirely clear whether period trackers are definitively good or bad from a digital privacy perspective, they do offer potential benefits, such as helping people prevent unwanted pregnancies and thus avoid prosecution.

Once reported to authorities, activities conducted on personal devices – browsing history, purchases, location data, and messages with friends or family – can become evidence in prosecutions. Authorities have shown a willingness to subpoena records from social media platforms, and they frequently access personal devices.

Additionally, laws that incentivize family, friends and partners to report suspected abortions create a threat of surveillance from intimate associates. These dynamics are exacerbated by new laws that criminalize “trafficking” minors – transporting them across state lines – for abortion services.

Providers’ role protecting privacy

In our research, my colleagues and I found that reproductive health care providers can play a critical role in guiding patients on adopting privacy strategies and helping them navigate an increasingly complex landscape of privacy threats. Clinics are trusted spaces for affordable, progressive care that often shield patients from judgment or harm.

Based on our interviews with reproductive health care providers, the protocols they use to manage communications, billing and other aspects of patient interactions have proved effective at protecting privacy, especially for vulnerable populations like minors or people with abusive partners. However, people seeking abortions face more nuanced threats. Providers tend to overlook digital risks and threats of prosecution tied to patients’ devices and records.

This gap in awareness leaves patients without critical guidance for protecting their privacy. Our initial research conducted in the aftermath of the Dobbs decision revealed that people capable of pregnancy express profound concerns about reproductive privacy, yet often feel inadequately prepared to navigate its complexities.

Findings from our forthcoming research suggest that many patients take extensive precautions, yet it’s not clear how effectively they can prioritize their digital strategies. At the same time, these people place significant trust in their reproductive health care providers, especially because they often deem existing guidance on privacy untrustworthy or insufficient.

Although providers may currently be less attuned to the newer privacy risks, they could play a crucial role in addressing them. By incorporating digital privacy and threat modeling into their care, providers can help patients navigate a complex landscape of threats in an environment of pervasive surveillance.