The SAFER Health Act strengthens current privacy laws to ensure abortion-related health data cannot be shared without patient consent
March 24, 2023 (ACP) — The American College of Physicians supports legislation that would bolster medical privacy laws to make sure that abortion-related health data cannot be released without patient consent.
In a March 6 letter to Rep. Anna Eshoo, ranking member of the House Energy and Commerce Health Subcommittee, and Rep. Sara Jacobs, ACP showed appreciation to the House members for introducing the Secure Access for Essential Reproductive (SAFER) Health Act.
The bill “would prevent HIPAA [Health Insurance Portability and Accountability Act]-covered entities from disclosing personal health information related to pregnancy termination or loss in civil, criminal, administrative, or legislative proceedings without a valid authorization from the patient,” Dr. Ryan D. Mire, ACP president, wrote in the letter.
“The legislation includes exceptions if such personal health information is necessary in professional liability proceedings, to investigate physical harm to the individual or if the individual cannot consent due to incapacitation,” Mire added. “ACP policy states that permissible information-sharing activities requiring notice but not requiring consent must be narrowly defined, societally valuable activities of public health reporting, population health management, quality improvement, performance measurement, and clinical education.”
ACP has recently addressed reproductive privacy in two policy statements: a brief published in February 2023 about reproductive health policy and a position paper on health information privacy, protection and use published in 2021.
In regard to privacy, “ACP believes that there is a need for an expanded framework that ‘should protect personal health information from unauthorized, discriminatory, deceptive, or harmful uses and align with the principles of medical ethics, respect individual rights, and support the culture of trust necessary to maintain and improve care delivery,’” said Nadia Daneshvar, ACP associate for health IT policy. “Much is at stake when the privacy of health information is not protected, including patient health and well-being, as well as civil rights and equity.”
Regarding reproductive health, as stated in the March 6 letter on the SAFER Health Act, “ACP believes in the principle of patient autonomy and ensuring access for all patients to the full range of reproductive health care services, including abortion, and believes that such reproductive health care decisions are foundational to the patient-physician relationship.”
ACP is especially concerned that entities could be compelled to disclose private information about an individual's efforts to obtain abortion-related services, which could then be used against that individual or their health care professional by law enforcement. “Data not protected under HIPAA could include information from a variety of sources, including regularly collected mobile device geolocation data placing an individual at a site that provides abortion services; data from mobile applications used to track one's menstrual cycle that indicates any interruptions in the cycle; and web searches, communications, and/or digital payments for abortion services,” Mire wrote in the letter.
In the letter to the House representatives, ACP advocates for an expansion of the act's application to include non-HIPAA-covered entities in addition to the HIPAA-covered entities it would apply to as currently drafted. “[A]bsent a national data privacy standard, ACP recommends that the enhanced privacy protections for abortion services provided for in H.R. 459 for HIPAA-covered entities be extended to non-HIPAA-covered entities, such as mobile health applications, internet search engines, data brokers and others that collect personal health data,” Mire wrote.
While the SAFER Health Act is not likely to progress through Congress, ACP's work to strengthen medical privacy is ongoing. In March 2023, Daneshvar noted, ACP submitted comments in response to a National Telecommunications and Information Administration notice and request for comment regarding privacy, equity and civil rights. “In the response letter, ACP expressed the need for increased privacy protections for health-related information because of the various unexpected ways data can be used in discriminatory or inequitable ways without a patient's knowledge or consent,” she said.
And she noted that ACP cohosted Sirona Strategies' annual Health IT Leadership Roundtable in December. (For more, see a white paper that was published in February 2023.) Daneshvar took part as a panelist in a session about the protection of non-HIPAA-covered health data.
“The panel discussed the scope of federal regulations that could protect health data that is not covered under HIPAA, the importance of privacy principles like ‘privacy by design’ and the American Data Privacy and Protection Act,” she said. “I emphasized the importance of trust in the patient-physician relationship and warned that distrust resulting from inadequate health data protections could lead to patients withholding clinically important information from their clinician, which could result in harmful health consequences for the patient.”