Op-Ed: Privacy in the Age of Abortion Restrictions

If states criminalize, restrict, or even eliminate abortion care, databases that store patient information risk being accessed by hackers and law enforcement to prosecute, publicize, and stigmatize those who have sought an abortion.

In the U.S. Supreme Court hearings of Mississippi’s Dobbs v. Jackson Women’s Health Organization case on December 1, it became clear that the two most important pieces of abortion legislation — Roe v. Wade and Planned Parenthood v. Casey — are under serious threat.

In 1973, Roe v. Wade declared abortion a matter of privacy. In 1992, Planned Parenthood v. Casey made abortion a right until the age of fetal viability. Mississippi’s law would dismantle both by permitting states to enact abortion restrictions prior to fetal viability, putting family planning in state control.

Total state jurisdiction over abortion laws would make family planning across the country inconsistent and dangerous: the recent Texas abortion ban encourages community surveillance by allowing private citizens to sue abortion patients and providers, receiving $10,000 or more if they are successful. And the surveillance would not stop there.

This ruling would come at an interesting time in the history of healthcare: digital healthcare has rapidly expanded and private and public databases store vast swaths of patient information. 

Telehealth companies, government agencies, and private corporations cannot guarantee that patient information is private. As more people have relied on telehealth companies for care, they have experienced a huge increase in cyberattacks, from 7.6 million patient data files breached in the first half of 2020 to 21.3 million in the latter half of that year. That’s not counting the breaches in other sectors, like organizations who deliver abortion pills or provide information on how to obtain an abortion. When many people use the same device for work and personal tasks, a breach at work could compromise personal health data too.

If states criminalize, restrict, or even eliminate abortion care, databases that store patient information risk being accessed by hackers and law enforcement to prosecute, publicize, and stigmatize those who have sought an abortion.

If this seems paranoid, consider that under former Florida governor Jeb Bush, women who had children out of wedlock that they put up for adoption had to advertise their sexual histories in the newspaper. Though this law was repealed, it demonstrates a mentality among Republican lawmakers that it is totally appropriate to publicly shame people for reproductive behavior they deem unsavory.

Aside from using health data to publicly shame or prosecute patients, data breaches could also be used to plan violence. Abortion providers have noted an uptick in violence against patients and clinics whenever there is an uptick in anti-abortion legislation.

The ease of large-scale breaches comes with a large-scale increase in personal attacks, especially if states used private citizens for enforcement, like the Texas abortion ban’s “bounty hunter” clause that allows citizens to sue those they believe have had abortions after six weeks, giving incentives to law enforcement and citizens to access individuals’ medical and location data. With the rise of geofence warrants, law enforcement can check who has visited a clinic and when with little explanation. 

Large collections of personal data can be used to draw highly personal conclusions, demonstrated by the fact that Target’s marketing department can famously predict when a customer is expecting a baby.

Once private citizens are encouraged to monitor the reproductive health of their neighbors, miscarriages will be (and have been) prosecuted

North Dakota has already proposed a similar “bounty hunter” law. States like Wisconsin and Michigan had laws that banned abortion prior to 1973 that would go back into effect if Roe v. Wade was overturned. North Dakota and South Dakota have abortion bans primed to go into effect. 

Closer to home, Minnesota collects more patient information for abortions than for any other procedure, even open-heart surgery. When you get an abortion, your age, race, marital status, education level, income level, number of children, number of previous abortions and miscarriages, and how you are paying for the abortion is shared with the State Commissioner of Health.

Even without a law that encourages citizens to enforce abortion bans, the data the state collects sends a clear message to patients and abortion providers that they aim to stigmatize abortion. It is easy to imagine a future where the state can use this information to pass regional abortion restrictions, while anti-abortion organizations can use the public report to target certain communities with anti-abortion propaganda. 

Crisis pregnancy centers also capture the personal information of people seeking abortion assistance. Anti-abortion crisis pregnancy centers consolidate patient data through large anti-abortion organizations like Heartbeat International, who use that information to optimize their digital marketing strategies to target people seeking abortions. Since these organizations often distribute misinformation on the safety of abortion and have even shamed and bullied women who use their services under the false pretense of nonbiased assistance, their access to patient data is more harmful to comprehensive reproductive healthcare.

It is crucial to preserve Minnesotans’ access to reproductive healthcare. Minnesota’s Supreme Court protected abortion in its 1995 ruling in Doe v. Gomez. Since that time, over 400 anti-abortion laws have been proposed in the Minnesota legislature.

Minnesota has 98 crisis pregnancy centers that have been criticized for offering misleading information about the safety of abortion care (some funded by the state Positive Alternatives Grant) and only eight abortion providers. Those are scant resources to pick up the slack of what might be the last major place to obtain an abortion in the Midwest, especially in an age of digital vulnerability.


Action = Change

Make sure that your password on all telehealth sites is unique and change them every six months. A study from Constella Intelligence found that 72 percent of data breaches included passwords.

Don’t use your work computer or Wi-Fi to access telehealth services.  

Call your representative and support the Patients’ Right to Know Act (HF 522/SF 963) introduced in the Minnesota State House and Senate, which would require healthcare providers to provide medically accurate information about abortions. The bill repeals current laws (including the Women’s Right To Know Act) and prohibits future laws that require healthcare providers to give irrelevant and inaccurate information to patients before they receive healthcare — including abortion care. For example, Minnesota law states that abortion providers must tell patients that receiving an abortion increases their risk of breast cancer. Numerous studies have concluded that there is no association between induced abortion and increased breast cancer risks. 

Donate or volunteer with organizations fighting for reproductive rights: UnrestrictMN, SpiralMN

Donate or volunteer with organizations fighting for digital privacy: Open Web Application Security Project®, Electronic Frontier Foundation