As we observe a year since the Dobbs decision, people seeking reproductive health care in the U.S. face new threats to their privacy and access to their personal health. One of the biggest concerns for reproductive health is data privacy: how data collected from patients could be used to penalize anyone considering or seeking an abortion, along with tracking health care providers who provide care.
With the widespread adoption of electronic health records (EHRs), a digital version of a patient’s paper chart, and hundreds of personal health apps, the overturned ruling has created an increase of security and privacy concerns in how medical information is documented, accessed, and utilized in the consumer domain.
The clinical informatics community needs to come together to safeguard patients’ health and educate patients about the security risks associated with their health data. Here are five measures to help patients protect the privacy of their health information.
1. Avoid posting questions on social media and leaving search tabs open
Using social media apps and searching on the Internet about pregnancy or abortion options can be risky. These services and health apps may collect, share, and sell data without informed patient consent. Something as simple as a search history or a Facebook direct message can be used to prosecute patients. Research suggests 99.1% of U.S.-based abortion clinic websites use third-party tracking, which could potentially sell and share browsing data with law enforcement and civil litigants.
However, there are actions patients can take to limit potential security risks:
- Close out of internet browser tabs after visiting websites that may contain information on reproductive health services, abortion, abortion providers, etc.
- After each search, clear browser history and cookies on all devices – whether on a laptop, mobile phone, or tablet.
- Use a browser with strong privacy measures, such as Tor, Firefox, Safari, or Brave, instead of Chrome or Microsoft Edge.
- Use a search engine such as DuckDuckGo, Brave Search, or Startpage instead of Google or Bing.
- Use a VPN (virtual private network) connection when available.
2. Delete period tracking applications
Hundreds of people use health apps to track their menstrual cycles. Flo, one of the most popular women’s health apps, has 50 million monthly active users. The health data stored in these apps is sensitive and personal.
Some companies, like Flo, are taking steps to protect sensitive reproductive health information, such as providing the option for users to remain anonymous while operating the app.
While the privacy policies of these apps are in flux, the most secure option is to delete and disable period tracking on athletic and health-tracking apps. There’s always the option to track on paper.
3. Turn off access to location services
Location services can enhance the functionality of a software application, but it also increases the privacy risk because they can collect information about location and activities, including the patient’s doctor’s office and when they last visited. Think about apps like maps, ride-sharing services, or any app that allows someone to “check-in.” By using those types of apps, identifying information can be collected and shared with others, including law enforcement.
To best protect this information, patients should consider turning off location services or deleting their activity history within specific apps.
4. Check patient portal settings.
Patient portals such as MyHealth or MyChart are good tools to communicate with healthcare providers, schedule appointments, or view details about lab results and medications.
For these applications, patients should always check the settings to see if they have given proxy access to a family member or spouse. If they have, they may want to deactivate their proxy access or the portal account to ensure their information remains confidential. Patients also have the right to ask their providers to not share notes on the platform if it’s related to their reproductive health care.
5. Opt-out of participation in Health Information Exchange (HIE) platforms
Many healthcare organizations, providers, and health insurance companies participate in Health Information Exchange (HIE) platforms for treatment and payment purposes. In many parts of the country, patients’ health data are “in” the HIE unless the patient specifically opts out of participation. These HIEs allow providers to access their patient’s health information related to all medical care, such as psychotherapy notes, records of substance use treatment, genetic testing, and reproductive health care. Patients can request an exemption form from their provider.
In addition to HIE, each provider has a specific process for privacy restrictions. The Health Insurance Portability and Accountability Act (HIPAA) provides patients with the right to request a restriction on how a provider or hospital uses or discloses protected health information.
While there are several important potential healthcare quality and patient safety advantages of enabling health information sharing between providers, patients should feel empowered to take the necessary steps to limit who has access to their personal health data in specific circumstances, particularly for their reproductive health.
About Natalie Pageler
Natalie Pageler, MD, serves as the Chief Medical Information Officer at Stanford Medicine Children’s Health and is a board-certified pediatric intensivist and one of the first board-certified clinical informaticists. She is also a clinical professor of Pediatric Critical Care and Systems Medicine at the Stanford School of Medicine.