The seismic crumbling of U.S. federal abortion protection shocked the nation last summer. From wide ranging personal responses to corporate promises of abortion assistance, the landscape for reproductive health is experiencing unprecedented change. Evolving overnight, state reproductive rights laws vary significantly in their protection – or criminalization – of women’s reproductive choices, politicizing matters of personal and maternal health. Healthcare providers and technology companies must carefully navigate these shifting laws and political undercurrents to understand their impact on moral and ethical duties. To help companies navigate this space, this article explores two common legal challenges currently impacting reproductive health companies in a post-Roe world.
Challenge #1: Privacy of reproductive health data
In response to the leaked abortion decision in May 2022, media outlets and legal experts encouraged women to delete their female health technology (“femtech”) apps from their mobile devices. This recommendation gained increased support with the official removal of federal abortion protection, leading women to fear that the data in their femtech apps could be used against them to prosecute abortion-related crimes. Reproductive health data entered into a femtech app could prove that a woman sought an abortion in a state where such medical procedures are outlawed or criminalized. This concern has sparked broader conversations about the privacy of reproductive health data for both health technology companies and provider organizations.
Why it matters: Consumers’ fear about the privacy of their health data may result in women not only deleting data from their femtech apps, but also avoiding proper medical attention for reproductive health conditions or diseases. First, the deletion of femtech apps results in the disempowerment of women and stifles innovation for women’s healthcare. The growth of the femtech industry was premised on the historic exclusion of women from modern medicine and the need to empower women to understand and control their bodies. Seeking to prioritize and drive technological advancements for women’s health, femtech has served as a marker of autonomy and progress since 2016. However, the failure of many femtech companies to prioritize the privacy and security of women’s health data has contributed to the current environment of fear and mistrust, which threatens to undermine the entire femtech vertical. Further, women who reside in states that have criminalized abortion may be more likely to delete their femtech apps, resulting in decreased data diversity and inaccuracy of algorithmic predictions.
Second, data privacy concerns may result in women avoiding or postponing necessary medical care. Women fear that their medical records could be subpoenaed from their healthcare providers or apps. While healthcare providers are typically bound by the Health Insurance Portability and Accountability Act (“HIPAA”), HIPAA contains a permissible disclosure exception for lawful subpoenas and court orders. This means, depending on the healthcare organization’s policies, providers may lawfully disclose a patient’s reproductive health data if presented with a subpoena or court mandate. Further, some states have clinician reporting requirements that compel physicians to disclose abortion procedures or suspected abortions to state authorities. From a femtech perspective, most apps are not governed by HIPAA.
What can be done: Given this environment, femtech companies and providers must take steps to protect women’s privacy and regain the shattered trust surrounding this industry. Femtech companies should actively review their data collection practices to ensure they are only collecting the minimum amount of data necessary for the app to function. Recent studies have shown that accurate women’s health predictions can be made by some companies that collect far less data than their competitors. To determine what data is essential, femtech companies should identify the data categories necessary for the app to function properly and remove surplus data categories requests. Data maps can also allow companies to identify the different types of data that they request and store.
Providers, on the other hand, should ensure that they understand their company’s policies regarding data disclosure to law enforcement officers upon receipt of a subpoena or court order, along with any proper escalation procedures. To the extent a healthcare company does not have established policies governing the organization’s response to such subpoenas and court orders, that company should create and disseminate these documents immediately. Healthcare companies should also communicate their position on these types of data disclosures to patients, enabling them to make informed decisions about whether they are comfortable seeking care at a particular facility. Transparency about how a healthcare organization will disclose reproductive health data is essential.
Challenge #2: Understanding telehealth barriers
The adoption of digital health solutions has proliferated over the past two years as a result of the Covid-19 pandemic. The corresponding expansion of telehealth platforms has signified a shift in patients’ preferred care location from the medical office to the home. However, with the state-by-state changes to abortion access, providers have expressed uncertainty regarding whether their telehealth platforms and reproductive health services are properly accessible to patients in abortion-restricted states.
Why it matters: The uncertain reproductive health landscape means increased exposure to liability for providers who offer abortion-related services in jurisdictions that have criminalized abortion. Providers who operate in multiple jurisdictions must remain familiar and up to date with the changing regulatory requirements for each state where the provider is licensed or performing medical services. Further, in states that have enacted aiding and abetting laws, providers must ensure that their actions and patient communications are not interpreted as encouraging abortions or supplying the means for a patient to obtain an illegal abortion. Abortion aiding and abetting laws have not been sufficiently tested in courts yet, so it is unclear where exactly the boundaries will be drawn between protected patient-provider communications and aiding and abetting abortion. Until these lines are clear, providers must assess their own risk tolerance and understand that their activities may form the basis for initial lawsuits under these new legal frameworks.
What can be done: To help minimize the risk of liability, providers must clearly understand where their reproductive health services can be accessed. The key determinant in most states is the patient’s location at the time the provider renders healthcare services. For example, if a patient resides in Texas (an abortion-restricted state), but travels to and receives healthcare services while she is in California (an abortion-protected state), a California licensed physician can legally provide reproductive healthcare services to that patient. It’s important to note, however, that some states are attempting to prohibit their residents from traveling across state boundaries to receive abortions. Such restrictions on healthcare travel are likely to be heavily contested in court, should they be passed by a state legislature.
Providers offering reproductive health services via telehealth should take reasonable steps to ensure that the patients they serve are, in fact, located in the proper jurisdiction. Given the current landscape, providers run the risk that a patient in an abortion-restricted state could attempt to access healthcare services online from a provider in an abortion-protected state. This is particularly true given that patients are becoming more adept at establishing virtual mailboxes, which can hide their true location and allow for the forwarding of abortion pills or other prescriptions into abortion-restricted states. If the provider engages in abortion-related care with a patient without first verifying her location (or otherwise being protected under state law), that provider could be exposed to an increased risk of liability. Providers and healthcare organizations looking to minimize risk should enact safeguards to reasonably verify a patient’s location at the time of healthcare services.
Further, providers that tele-prescribe abortion medication should ensure that they satisfy all state law requirements for tele-prescribing. Most states, for example, require that providers establish a patient-physician relationship and conduct an appropriate medical evaluation before tele-prescribing any medication. In the reproductive health context, such evaluation may require the physician to verify the patient’s stage and timeline of pregnancy, her general medical history, current prescriptions and drug interactions, and more. At all times, physicians should act in accordance with the appropriate standard of care, which may require that the physician arrange for or ensure the patient has access to appropriate follow-up care after the telehealth encounter. Providers should fully understand each state’s tele-prescribing requirements and limitations before dispensing abortion pills.
Finally, providers may wish to caution patients that the abortion pills should be taken while the patient is in an abortion-protected state. If a patient travels across state lines to obtain abortion pills and then returns to her home in an abortion-restricted state to take the pills, she may be found to have committed an illegal abortion. Further, if a woman seeks follow-up care in an abortion-restricted state following her medication abortion, her provider may have a duty under state law to report an actual or suspected abortion to the state. As a result, providers that intend to serve patients from other states should develop a communication script that they can use to deliver pertinent information to these patients.
Photo credit: Aleksei Morozov, Getty Images