Protecting reproductive health information in the post-Roe era: interoperability strategies for healthcare institutions

Raman R Khanna; Sara G Murray; Timothy Wen; Kirsten Salmeen; Tushani Illangasekare; Nerys Benfield; Julia Adler-Milstein; Lucia Savage

doi:10.1093/jamia/ocac194

. 2022 Oct 26;30(1):161–166. doi: 10.1093/jamia/ocac194

Protecting reproductive health information in the post-Roe era: interoperability strategies for healthcare institutions

Raman R Khanna ^1,^✉, Sara G Murray ², Timothy Wen ³, Kirsten Salmeen ⁴, Tushani Illangasekare ⁵, Nerys Benfield ⁶, Julia Adler-Milstein ^7,⁸, Lucia Savage ⁹

PMCID: PMC9748529 PMID: 36287823

Abstract

On June 24, 2022, the US Supreme Court ended constitutional protections for abortion, resulting in wide variability in access from severe restrictions in many states and fewer restrictions in others. Healthcare institutions capture information about patients’ pregnancy and abortion care and, due to interoperability, may share it in ways that expose their providers and patients to social stigma and potential legal jeopardy in states with severe restrictions. In this article, we describe sources of risk to patients and providers that arise from interoperability and specify actions that institutions can take to reduce that risk. Institutions have significant power to define their practices for how and where care is documented, how patients are identified, where data are sent or hosted, and how patients are counseled, and thus should protect patients’ privacy and ability to receive medical care that is safe and legal where it is performed.

Keywords: reproductive rights, post-Roe, abortion, pregnancy, interoperability

INTRODUCTION

With its ruling in Dobbs v. Jackson Women’s Health Organization,¹ the US Supreme Court ended constitutional protections for abortion, which is now severely restricted in a growing number of states.²^,³ The health and legal implications of this ruling are likely to be profound for both healthcare providers and patients.⁴^,⁵ Some states with severe restrictions are debating barring residents from travelling for abortion,⁶ while states with fewer restrictions are moving to shield providers from criminal prosecution.⁷ Providers and institutions are expecting to be drawn into legal disputes about how the abortion laws of each state will interact.

Because abortion restrictions now vary significantly between states, Electronic Health Record (EHR) interoperability may put providers and patients at risk of stigma and potential legal harm.⁸ Institutions currently share data for patient care,⁹ population level analysis,¹⁰ and patient and family self-care.¹¹ Federal health policy has supported, incentivized, and even required such sharing since at least 1996, when the Health Insurance Portability and Accountability Act (HIPAA) required standardized data for electronic health claims.¹²^,¹³ Data exchange has further advanced under the 2009 HITECH Act¹⁴ and 2016 21st Century Cures Act¹⁵ and related regulations, including those from CMS and the Office for National Coordinator for Health IT (ONC).¹⁶ These laws require providers to make protected health information (PHI) available to patients “without special effort” and remove technical barriers that were often excuses to impede exchange.¹⁷ Through EHR functionality such as Epic’s Care Everywhere, providers can now easily view notes and care provided at other institutions, seamlessly interdigitated into the patient’s chart. Patients can now obtain their PHI on demand, including through third party applications. Meanwhile, the federal government is iterating on semantic standards for EHR data, such as the rapidly evolving US Core Data for Interoperability (USCDI) to ensure that data are not only available across institutions, but that they “mean the same thing.”¹⁸ In this context, the decision in Dobbs has dramatic implications. The latest version of USCDI has pregnancy as one of its “Health Status” data elements,¹⁹ under the theory that “Capturing data related to pregnancy in a standardized way will improve research and quality measurement…”; a theory that did not contemplate aspects of pregnancy and abortion care becoming illegal.

Here we discuss key aspects of this increased interoperability which create stigma and potential legal risk in the post-Roe world and focus on how healthcare institutions specifically can mitigate some of these risks.

SOURCES OF RISK

Though Dobbs ostensibly returns us to the pre-1973 regulatory environment for providing abortion, interim technological progress and changes in the regulatory environment for health information and interoperability allow greater access to patients’ pregnancy information than ever before.

The EHR, health information exchanges, and secondary abstraction

By 2019, over 70% of office-based physicians were using a “certified” EHR²⁰ which among other things makes it “easier for patients to access their own electronic health information,” including by means of third-party applications.²¹ Coupled with the USCDI initiative, healthcare providers share patients’ pregnancy and abortion care with one another, with patients, and with third party applications, in unprecedented ways. This interoperability has now become so sophisticated that documentation and laboratory results can be difficult to distinguish between one’s own institution and others’—documenting anywhere is equivalent to documenting everywhere. In many circumstances, pregnancy and abortion care are thus currently viewable across institutions within one’s EHR regardless of where that care was provided and whether it was illegal in any of the states where it can be viewed.

While such “viewed” data are not considered part of the legal medical record at the viewing institution, if a provider in a more restricted state writes “out-of-state abortion” or reconciles a diagnosis code for “elective termination of pregnancy” into their own EHR, the note or diagnosis will become part of the EHR’s “designated record set”²² and the legal medical record in the more restricted state.

Billing records

Abortion is a routine medical procedure and has been paid for through the electronic claims process since HIPAA was first implemented. States could potentially subpoena such claims data even without a subpoena of the institution from which the data originate.

Laboratory, imaging, and pathology records

Even if providers do not share data about pregnancy with one another, routine laboratory and pathology results such as β-HCG trends or products of conception found on examination of dilation and curettage specimens, as well as images and imaging reports from prenatal ultrasound, may provide indirect evidence of abortion, especially from free-standing labs which process 50 million results each year.²³

Medication

Medications such as misoprostol and mifepristone (and for ectopic pregnancies, methotrexate) are used in the provision of abortion, which has already led to their stigmatization.²⁴ Their provision in many situations can also be suggestive of abortion, especially coupled to the data sources above. Such data may be found in pharmacy information systems or in national electronic prescribing networks such as SureScripts which alone processes 17.5 billion ePrescriptions annually.²⁵ Current EHR functionality allows providers to retrieve recent prescriptions provided via the SureScripts interface directly into the EHR.

Patient portals

The post-Dobbs changes regarding reproductive health will be dropping into an already complex legal environment where: (1) HIPAA does not protect reproductive health data or data from minors differently than any other health data; (2) some but not all states have special health information privacy rules that protect reproductive health information, including pregnancy related information, from disclosure without the express written consent of the patient,²⁶ and these rules preempt HIPAA²⁷; and (3) some but not all states also include minors within these special protections, at various trigger ages.²⁸ Because patients can access health information through patient portals, so can their proxies, including in some cases regarding pregnancy and abortion care.

Server locations and legal custody

Increased reliance on cloud infrastructure physically places data on remote servers, some of which reside in more restricted states, even if legal in the physical location where abortion was completed.²⁹ States could assert that they should have access to any data housed on servers physically hosted within their borders.

Overall risk

Patients’ pregnancy and abortion care are more exposed than ever before. Even if institutions protect pregnancy and abortion data, through existing and expanding interoperability the associated information footprint will quickly expand to labs, pharmacies, payers, and patient-managed apps. Thus, institutions should consider several steps to protect their patients.

INSTITUTIONAL MITIGATION STRATEGIES

The tension between providing confidential care for sensitive conditions and sharing important information has many precedents, and tools have evolved that institutions can use, starting immediately. These strategies are also summarized in Table 1.

Table 1.

Sources of risk from interoperability, strategies for mitigation, and additional considerations

Source of risk	Institutional mitigation strategy (less-restricted states)	Institutional mitigation strategy (more restricted states)	Considerations
Pregnancy documentation	Consider not documenting pregnancy status in early 1st trimester or as long as abortion is being considered	Same	Pregnant patients will need to rely on vigilance outside the EHR to avoid teratogenic medications, etc.
EHR free text documentation	Avoid “spontaneous” vs “therapeutic” abortion Implement word substitution “dictionaries” Audit and feedback	Same as protected states, PLUS Avoid documenting abortion care provided elsewhere	Ensure recurrent pregnancy loss is appropriately evaluated
EHR problem list	Use generic diagnosis and procedure codes, eg, Pregnancy with Abortive Outcome O0X, where legally allowable	Same as protected states, PLUS Do not reconcile pregnancy and abortion care diagnoses or procedure codes	Will have billing implications; see below
Patient identity	Provide patients seeking pregnancy and abortion care with a confidential identity	—	May not be feasible for all cases; risk of losing important allergies or similar information; billing and pharmacy implications
Parallel documentation	Create an alternate mechanism for documentation (eg, noninteroperable EHR or paper record)	—	Requires significant resources; not immune to subpoena
Laboratory, imaging, medication	Consider providing services entirely within the protected institution	—	May not be possible in all cases, may be resource-intense
Billing records	Consider providing care out of pocket with no insurance claim Consider donated funding	—	May worsen disparities in pregnancy care
Data exchanges and patient portals	Treat pregnancy and abortion care as sensitive, highly protected Counsel patients about sharing data with 3rd party applications	—	Institutions cannot refuse the sharing of data if requested by a patient
Server location	Move cloud servers to protected states	—	Storage costs may be higher in protected states

Open in a new tab

EHR: electronic health record.

Reduce specificity of pregnancy and abortion documentation

EHR companies in recent years have tried to improve documentation of the status of current pregnancy, marking many patients as “potentially pregnant” and encouraging affirmative documentation to facilitate alerts to avoid teratogenic medications. Even before Dobbs, such alerts were overridden at high rates,³⁰ and now their already questionable value must be balanced against the harm from others knowing a patient’s pregnancy status. We recommend that institutions consider documenting pregnancy status later in the pregnancy and not do so in cases where abortion is being considered until after a decision has been made to continue the pregnancy.

Additionally, some conventions in pregnancy documentation might benefit from immediate update, starting with the distinction between “elective” and “spontaneous” abortion in the pregnancy history. In addition to the standing ethical debate,³¹ there is now a practical consideration as well. Using “therapeutic abortion” to describe all pregnancies that will result in uterine evacuation could protect pregnant patients from the legal ramifications of an outside party discovering a pregnancy termination, as that outside party would have difficulty proving the therapeutic rationale. Institutions should also educate their providers to use appropriately nonspecific language and consider audit and feedback to reduce excess specificity. Institutions should also consider implementing a word substitution “dictionary,” as some EHRs provide, which recognizes language such as “elective abortion” and suggests or automatically substitutes “therapeutic abortion.” Beyond free text documentation, providers will also need to consider the specificity with which they document structured diagnosis and procedural codes; we suggest that they use the most generic language possible as presented in Table 2. The benefits of reduced specificity will need to be balanced against the possible harm of reduced or denied reimbursement.

Table 2.

Examples of codes in current use and potential substitutions

Current code	Substitution	Rationale
CPT codes D&C Abortion <14 weeks (59840) D&E Abortion 14+ (59841) Surgical abortion Missed AB, 1st tri (a.k.a D&C for SAB) (59820) D&E for SAB 2nd trimester (59821) D&C for incomplete ab (59812)	Endometrial sampling, D&C and Uterus Tumor Excision Procedures (58120)	A single generic CPT for all uterine evacuations obscures the underlying indication, protecting patients from stigma and legal ramifications.
ICD-10-CM codes (sample only): Z64.0 (problems related to unwanted pregnancy) O02.1 (missed abortion) O02.0 (anembryonic pregnancy) O03.4 (incomplete abortion) O35.9XX1 (known fetal anomaly)	Z33.2 (Termination of pregnancy)	A single generic ICD-10-CM code for all indications for uterine evacuation could similarly protect patients from stigma and legal ramifications.

Open in a new tab

CPT: current procedural terminology; ICD-10-CM: International Classification of Disease, 10th Revision, Clinical Modification.

Treat pregnancy and abortion care as highly protected information

Sensitive conditions are those which are not shared automatically as part of any release of information (ROI) request; they must be specifically requested and consented to by patients. Sensitive conditions are also blocked from electronic sharing with outside entities and therefore cannot be seen in tools like Epic’s Care Everywhere exchange network. By taking this approach, physicians will help patients avoid inadvertently sharing information that a pregnancy occurred and/or ended. While this will make it more difficult for obstetrical providers to immediately understand a patient’s medical history if care was received at an outside institution, privacy should likely take priority given the potential risks. It is worth noting, however, that these records will not be protected in the case of a legal proceeding and can still be subpoenaed, so marking pregnancies as sensitive will only protect patients from abortion care information being shared accidentally.

Revise the institutional approach to data sharing

Information blocking regulations seek to increase information sharing but specify situations in which information need not be shared. Further, information blocking regulations do not (and did not ever) override state or other federal law that protects information from disclosure. ONC’s regulations expressly allow an institution or healthcare provider to refuse to disclose health information when the discloser is complying with an applicable privacy law³² or its own long standing privacy policy, or when disclosure might cause harm to a person reflected in the data.³³ Common examples where this is invoked include HIV care and mental health. Institutions should explicitly add pregnancy and abortion care to their policy regarding “grounds to refuse.” Furthermore, even when providing data to patients or their designees, institutions are allowed to, and should, warn them that the confidentiality of their data may greatly diminish once it leaves the institution.³⁴

Identity protection

Given that HIPAA does not protect patient data from legal proceedings,³⁵ institutions may consider issuing alternate identities to patients when they seek abortion care, effectively creating a shadow secondary chart for this purpose. This approach would break the link between a patient’s overall healthcare and abortion care. Moreover, because health exchanges depend on the matching of identifiers, this approach would also hide care provided under an alternate identity from tools like CareEverywhere. However, this strategy carries risks that predate interoperability–namely that important health information such as allergies, medications, and other health problems in both directions are “invisible.” Moreover, it is unclear if insurance claims could be submitted in this scenario without relinking the charts. Finally, if prescriptions to pharmacies are associated with an alternate identity, patients may be unable to obtain medications. These risks are well known to providers who care for patients who require this protection because of conditions such as intimate partner violence, and even for patients with inadvertent duplicate charts in the health system,³⁶ and need to be balanced against the relative benefit of the more complete obscuration of an abortion episode.

Parallel documentation

An alternative approach is documenting abortion episodes using a separate, noninteroperable EHR or paper record. This approach would guarantee that associated information is unavailable from an interoperability standpoint. However, the approach carries many of the same risks as the prior solution, would require greater resources to enact, and would not be immune to subpoena or warrant.

Offering “in house” services and billing, and data storage

Given the risks of transmitting laboratory, imaging, and pharmacy data, institutions may consider providing these services entirely “in house,” to avoid such data becoming a part of the digital trail, coupled to one of the above identity protection strategies. Abortion medications may be dispensed by clinics directly, and the dating of a pregnancy by laboratory, imaging, and pathology may be completed as a point of care evaluation at the time of clinic presentation. If all abortion care also occurred under an alternative identity, it would never travel elsewhere, since that identity would not exist in other systems. Additionally, institutions might consider providing patients seeking abortion care an explicit opportunity to forego insurance coverage and pay out of pocket to avoid the generation of an insurance claim. Since these approaches could lead to disparities for patients without resources, institutions could also create funds for such care or provide care at cost in specific cases. Institutions should also review where their data are hosted and consider moving data that reside in severely restricted states to less-restricted states.

Patient counseling

Even a perfect institutional “blackout” of pregnancy and abortion care will only account for a percentage of the digital pregnancy trail. As such, institutions should educate patients on the digital information trail they leave and counsel them on how to “cover” it. Notably, this should include how they can control information sharing via the patient portal, what information to place and not place in 3rd party applications, and even strategies for social media. Institutions (especially in more restricted states) should update their HIPAA disclosure policies to explain circumstances under which their information must be shared with law enforcement. Patients will find it impossible to “hide” the fact of pregnancy in many cases, but they can at least help to obscure its outcome in places where such information puts patients’ and providers’ at personal and legal risk.

Beyond interoperability

Institutions do not interoperate in a vacuum. As Clayton et al³⁷ note, institutions will also need to harden their policies regarding if and how they share data, even when forced to do so, and which employees are allowed to do so. New laws and regulations may need to be passed and formulated, or old laws and regulations clarified, to protect patients information, and institutions may play a role in advocating for the same.³⁸ Institutions and individual providers may need to consider civil disobedience, as noted by Wynia.³⁹ An eye towards interoperability will complement all of these efforts by empowering institutions to both understand their patients and providers legal exposure and taking steps to reduce it.

CONCLUSION

The US Supreme Court’s decision in Dobbs has generated disruption and rethinking of many assumptions about healthcare–that best medical practice is legal medical practice, that healthcare is a private matter, and that information sharing between providers is an unalloyed good. Institutions, having planned for years for greater interoperability, need to pause and consider how to maintain those goods while protecting our patients from not just medical harm but potential legal harm and stigma as well. We expect this to be an ongoing, active process with new considerations added as new sources of risk are revealed and the legal and policy environment continues to change. We offer the above framework for evaluation and immediate implementation as a place to begin.

FUNDING

This work received no specific grant or other funding from any funding agency in the public, commercial, or not-for-profit sectors.

AUTHOR CONTRIBUTIONS

RK: Corresponding author. Substantial Contributions to the conception and design and analysis of this work, AND drafting the work, AND final approval of the version to be published, AND agreement to be accountable for all aspects of the work in ensuring that questions related to the accuracy or integrity of any part of the work are appropriately investigated and resolved. SM: Author. Substantial Contributions to the conception and analysis of this work, AND drafting the work, AND final approval of the version to be published, AND agreement to be accountable for all aspects of the work in ensuring that questions related to the accuracy or integrity of any part of the work are appropriately investigated and resolved. TW: Author. Substantial Contributions to the conception and analysis of this work, AND revising the work critically for important intellectual content, AND final approval of the version to be published, AND agreement to be accountable for all aspects of the work in ensuring that questions related to the accuracy or integrity of any part of the work are appropriately investigated and resolved. KS: Author. Substantial Contributions to the conception and analysis of this work, AND revising the work critically for important intellectual content, AND final approval of the version to be published, AND agreement to be accountable for all aspects of the work in ensuring that questions related to the accuracy or integrity of any part of the work are appropriately investigated and resolved. TI: Author. Substantial Contributions to the analysis of this work, AND revising the work critically for important intellectual content, AND final approval of the version to be published, AND agreement to be accountable for all aspects of the work in ensuring that questions related to the accuracy or integrity of any part of the work are appropriately investigated and resolved. NB: Author. Substantial Contributions to the conception and analysis of this work, AND revising the work critically for important intellectual content, AND final approval of the version to be published, AND agreement to be accountable for all aspects of the work in ensuring that questions related to the accuracy or integrity of any part of the work are appropriately investigated and resolved. JAM: Author. Substantial Contributions to the conception and analysis of this work, AND revising the work critically for important intellectual content, AND final approval of the version to be published, AND agreement to be accountable for all aspects of the work in ensuring that questions related to the accuracy or integrity of any part of the work are appropriately investigated and resolved. LS: Senior Author. Substantial Contributions to the conception and analysis of this work, AND drafting the work and revising the work critically for important intellectual content, AND final approval of the version to be published, AND agreement to be accountable for all aspects of the work in ensuring that questions related to the accuracy or integrity of any part of the work are appropriately investigated and resolved.

CONFLICT OF INTEREST STATEMENT

RK reports receiving licensing income from Voalte, Inc. (now owned by Baxter Pharmaceuticals). TW reports serving on the medical advisory board of Delfina, Inc. JAM reports serving on the Board and holding shares in Opala. LS works at Omada Health, Inc. No other competing interests to declare.

Contributor Information

Raman R Khanna, Department of Medicine, UCSF, San Francisco, California, USA.

Sara G Murray, Department of Medicine, UCSF, San Francisco, California, USA.

Timothy Wen, Department of Obstetrics, Gynecology, and Reproductive Sciences, UCSF, San Francisco, California, USA.

Kirsten Salmeen, Maternal Fetal Medicine, Kaiser Permanente, San Francisco, California, USA.

Tushani Illangasekare, Department of Obstetrics, Gynecology, and Reproductive Sciences, UCSF, San Francisco, California, USA.

Nerys Benfield, Department of Obstetrics, Gynecology, and Reproductive Sciences, UCSF, San Francisco, California, USA.

Julia Adler-Milstein, Department of Medicine, UCSF, San Francisco, California, USA; Center for Clinical Informatics and Improvement Research, UCSF, San Francisco, California, USA.

Lucia Savage, Omada Health, Inc., San Francisco, California, USA.

Data Availability

This article is not research and there is no attached dataset to be made available.

REFERENCES

1. Dobbs TE. State Health Officer of the Mississippi Department of Health, et al. , Petitioners v. Jackson Women’s Health Organization, et al. June 24, 2022. https://www.supremecourt.gov/docket/docketfiles/html/public/19-1392.html. Accessed July 8, 2022.
2. Guttmacher Institute. Abortion policy in the absence of Roe. July 1, 2022. https://www.guttmacher.org/state-policy/explore/abortion-policy-absence-roe. Accessed July 8, 2022.
3. Kane L, Lange K, Herron A, et al. Indiana abortion ban goes into effect in September: what you need to know. IndyStar. August 6, 2022. Updated August 9, 2022. https://www.indystar.com/story/news/local/indianapolis/2022/08/06/indiana-abortion-bill-ban-law/65394328007/. Accessed September 4, 2022. [Google Scholar]
4. Huff C. In Texas, abortion laws inhibit care for miscarriages. National Public Radio. May 10, 2022. https://www.npr.org/sections/health-shots/2022/05/10/1097734167/in-texas-abortion-laws-inhibit-care-for-miscarriages. Accessed July 8, 2022.
5. Simmons-Duffin S. Doctors weren’t considered in Dobbs, but now they’re on abortion’s legal front lines. National Public Radio. July 3, 2022. https://www.npr.org/sections/health-shots/2022/07/03/1109483662/doctors-werent-considered-in-dobbs-but-now-theyre-on-abortions-legal-front-lines. Accessed July 8, 2022.
6. Kitchener C, Barrett D. Antiabortion lawmakers want to block patients from crossing state lines. Washington Post. June 29, 2022. https://www.washingtonpost.com/politics/2022/06/29/abortion-state-lines/. Accessed July 8, 2022.
7. Public Act No. 22-19. Connecticut. Approved May 5, 2022. https://www.cga.ct.gov/2022/act/Pa/pdf/2022PA-00019-R00HB-05414-PA.PDF. Accessed July 8, 2022
8.US Department of Health and Human Services. What is interoperability? HealthIT.gov. Last reviewed September 28, 2021. https://www.healthit.gov/topic/interoperability. Accessed July 8, 2022.
9.45 CFR 164.506(c)(2).
10.45 CFR 164.501(healthcare operation type 1).
11.45 CFR 164.524.
12.Public Law 104-191, 104th Congress, August 20, 1996.
13. Solove D. HIPAA Turns 10: analyzing the past, present, and future impact. J AHIMA 2013; 84: 22. [PubMed] [Google Scholar]
14.Public Law 111-5, 111th Congress, February 9, 2009.
15.Public Law 114-255, 114th Congress, December 16, 2016.
16. US Department of Health and Human Services. Information blocking. HealthIT.gov. Last reviewed July 25, 2022. https://www.healthit.gov/topic/information-blocking. Accessed July 8, 2022.
17. Savage L, Gaynor M, Adler-Milstein J.. Digital health data and information sharing: a new frontier in health care competition. Antitrust Law J 2019; 82: 593. [Google Scholar]
18. US Department of Health and Human Services. United States Core Data for Interoperability (USCDI).HealthIT.gov. https://www.healthit.gov/isa/united-states-core-data-interoperability-uscdi. Accessed July 8, 2022.
19.Pregnancy status. HealthIT.gov. Last reviewed April 29, 2022. https://www.healthit.gov/isa/taxonomy/term/1651/draft-uscdi-v3. Accessed July 8, 2022.
20. US Department of Health and Human Services. National trends in hospital and physician adoption of electronic health records.HealthIT.gov. March 2022. https://www.healthit.gov/data/quickstats/national-trends-hospital-and-physician-adoption-electronic-health-records. Accessed July 21, 2022.
21. US Department of Health and Human Services. Certified EHR technology. CMS.gov. Modified March 25, 2022. https://www.cms.gov/Regulations-and-Guidance/Legislation/EHRIncentivePrograms/Certification. Accessed July 8, 2022.
22.45 CFR 164.501(designated record set).
23. Quest Diagnostics. Making a difference every day. https://www.questdiagnostics.com/. Accessed July 22, 2022. (site notes “50 million tests performed each year for patients of all ages.”)
24. Mahase E. US anti-abortion laws may restrict access to vital drug for autoimmune diseases, patient groups warn. BMJ 2022; 378: o1677. [DOI] [PubMed] [Google Scholar]
25. Surescripts, Inc. 2020 National Progress Report. Surescripts. 2020. https://surescripts.com/news-center/national-progress-report-2020. Accessed July 21, 2022.
26. Bonta R. Attorney General Bonta emphasizes health apps’ legal obligation to protect reproductive health information. State of California Department of Justice. May 26, 2022. https://oag.ca.gov/news/press-releases/attorney-general-bonta-emphasizes-health-apps-legal-obligation-protect. Accessed July 25, 2022.
27.45 CFR 160.203(b).
28.An overview of consent to reproductive health services by young people. Guttmacher Institute. Last updated July 1, 2022. https://www.guttmacher.org/state-policy/explore/overview-minors-consent-law. Accessed July 17, 2022.
29.45 CFR 164.301.
30. Afaq H, Mukundan S, Zia S. Providers’ perception of alert fatigue after implementation of user-filtered warnings. VCU Scholars Compass. 2019. https://scholarscompass.vcu.edu/phar_pubs/23/. Accessed and downloaded September 4, 2022. [Google Scholar]
31. Watson K. Why we should stop using the term “elective abortion”. AMA J Ethics 2018; 20 (12): E1175–80. [DOI] [PubMed] [Google Scholar]
32.45 CFR 171.202.
33.45 CFR 171.201.
34.85 Fed. Reg. 25813 (May 1, 2020).
35. Sachar C. HIPAA, privacy, and reproductive rights in a post-Roe era. JAMA 2022; 328 (5): 417–8. [DOI] [PubMed] [Google Scholar]
36. Biehle D. “Use of an Alias”. HCCAnet social network discussion thread. https://community.hcca-info.org/hcca/communities/community-home/digestviewer/viewthread?GroupId=124&MID=28287. Accessed September 9, 2022.
37. Clayton EW, Embí PJ, Malin BA.. Dobbs and the future of health data privacy for patients and healthcare organizations. J Am Med Inform Assoc 2023; 30 (1): 155–60. [DOI] [PMC free article] [PubMed] [Google Scholar]
38. US Department of Health and Human Services. HIPAA Privacy Rule and Disclosures of Information Relating to Reproductive Health Care. HHS.gov. June 29, 2022. https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/phi-reproductive-health/index.html. Accessed September 9, 2022.
39. Wynia MK. Professional civil disobedience—medical-society responsibilities after Dobbs. N Engl J Med 2022; 387 (11): 959–61. [DOI] [PubMed] [Google Scholar]

Associated Data

This section collects any data citations, data availability statements, or supplementary materials included in this article.

Data Availability Statement

This article is not research and there is no attached dataset to be made available.

[ocac194-B1] 1. Dobbs TE. State Health Officer of the Mississippi Department of Health, et al. , Petitioners v. Jackson Women’s Health Organization, et al. June 24, 2022. https://www.supremecourt.gov/docket/docketfiles/html/public/19-1392.html. Accessed July 8, 2022.

[ocac194-B2] 2. Guttmacher Institute. Abortion policy in the absence of Roe. July 1, 2022. https://www.guttmacher.org/state-policy/explore/abortion-policy-absence-roe. Accessed July 8, 2022.

[ocac194-B3] 3. Kane L, Lange K, Herron A, et al. Indiana abortion ban goes into effect in September: what you need to know. IndyStar. August 6, 2022. Updated August 9, 2022. https://www.indystar.com/story/news/local/indianapolis/2022/08/06/indiana-abortion-bill-ban-law/65394328007/. Accessed September 4, 2022. [Google Scholar]

[ocac194-B4] 4. Huff C. In Texas, abortion laws inhibit care for miscarriages. National Public Radio. May 10, 2022. https://www.npr.org/sections/health-shots/2022/05/10/1097734167/in-texas-abortion-laws-inhibit-care-for-miscarriages. Accessed July 8, 2022.

[ocac194-B5] 5. Simmons-Duffin S. Doctors weren’t considered in Dobbs, but now they’re on abortion’s legal front lines. National Public Radio. July 3, 2022. https://www.npr.org/sections/health-shots/2022/07/03/1109483662/doctors-werent-considered-in-dobbs-but-now-theyre-on-abortions-legal-front-lines. Accessed July 8, 2022.

[ocac194-B6] 6. Kitchener C, Barrett D. Antiabortion lawmakers want to block patients from crossing state lines. Washington Post. June 29, 2022. https://www.washingtonpost.com/politics/2022/06/29/abortion-state-lines/. Accessed July 8, 2022.

[ocac194-B7] 7. Public Act No. 22-19. Connecticut. Approved May 5, 2022. https://www.cga.ct.gov/2022/act/Pa/pdf/2022PA-00019-R00HB-05414-PA.PDF. Accessed July 8, 2022

[ocac194-B8] 8.US Department of Health and Human Services. What is interoperability? HealthIT.gov. Last reviewed September 28, 2021. https://www.healthit.gov/topic/interoperability. Accessed July 8, 2022.

[ocac194-B9] 9.45 CFR 164.506(c)(2).

[ocac194-B10] 10.45 CFR 164.501(healthcare operation type 1).

[ocac194-B11] 11.45 CFR 164.524.

[ocac194-B12] 12.Public Law 104-191, 104th Congress, August 20, 1996.

[ocac194-B13] 13. Solove D. HIPAA Turns 10: analyzing the past, present, and future impact. J AHIMA 2013; 84: 22. [PubMed] [Google Scholar]

[ocac194-B14] 14.Public Law 111-5, 111th Congress, February 9, 2009.

[ocac194-B15] 15.Public Law 114-255, 114th Congress, December 16, 2016.

[ocac194-B16] 16. US Department of Health and Human Services. Information blocking. HealthIT.gov. Last reviewed July 25, 2022. https://www.healthit.gov/topic/information-blocking. Accessed July 8, 2022.

[ocac194-B17] 17. Savage L, Gaynor M, Adler-Milstein J.. Digital health data and information sharing: a new frontier in health care competition. Antitrust Law J 2019; 82: 593. [Google Scholar]

[ocac194-B18] 18. US Department of Health and Human Services. United States Core Data for Interoperability (USCDI).HealthIT.gov. https://www.healthit.gov/isa/united-states-core-data-interoperability-uscdi. Accessed July 8, 2022.

[ocac194-B19] 19.Pregnancy status. HealthIT.gov. Last reviewed April 29, 2022. https://www.healthit.gov/isa/taxonomy/term/1651/draft-uscdi-v3. Accessed July 8, 2022.

[ocac194-B20] 20. US Department of Health and Human Services. National trends in hospital and physician adoption of electronic health records.HealthIT.gov. March 2022. https://www.healthit.gov/data/quickstats/national-trends-hospital-and-physician-adoption-electronic-health-records. Accessed July 21, 2022.

[ocac194-B21] 21. US Department of Health and Human Services. Certified EHR technology. CMS.gov. Modified March 25, 2022. https://www.cms.gov/Regulations-and-Guidance/Legislation/EHRIncentivePrograms/Certification. Accessed July 8, 2022.

[ocac194-B22] 22.45 CFR 164.501(designated record set).

[ocac194-B23] 23. Quest Diagnostics. Making a difference every day. https://www.questdiagnostics.com/. Accessed July 22, 2022. (site notes “50 million tests performed each year for patients of all ages.”)

[ocac194-B24] 24. Mahase E. US anti-abortion laws may restrict access to vital drug for autoimmune diseases, patient groups warn. BMJ 2022; 378: o1677. [DOI] [PubMed] [Google Scholar]

[ocac194-B25] 25. Surescripts, Inc. 2020 National Progress Report. Surescripts. 2020. https://surescripts.com/news-center/national-progress-report-2020. Accessed July 21, 2022.

[ocac194-B26] 26. Bonta R. Attorney General Bonta emphasizes health apps’ legal obligation to protect reproductive health information. State of California Department of Justice. May 26, 2022. https://oag.ca.gov/news/press-releases/attorney-general-bonta-emphasizes-health-apps-legal-obligation-protect. Accessed July 25, 2022.

[ocac194-B27] 27.45 CFR 160.203(b).

[ocac194-B28] 28.An overview of consent to reproductive health services by young people. Guttmacher Institute. Last updated July 1, 2022. https://www.guttmacher.org/state-policy/explore/overview-minors-consent-law. Accessed July 17, 2022.

[ocac194-B29] 29.45 CFR 164.301.

[ocac194-B30] 30. Afaq H, Mukundan S, Zia S. Providers’ perception of alert fatigue after implementation of user-filtered warnings. VCU Scholars Compass. 2019. https://scholarscompass.vcu.edu/phar_pubs/23/. Accessed and downloaded September 4, 2022. [Google Scholar]

[ocac194-B31] 31. Watson K. Why we should stop using the term “elective abortion”. AMA J Ethics 2018; 20 (12): E1175–80. [DOI] [PubMed] [Google Scholar]

[ocac194-B32] 32.45 CFR 171.202.

[ocac194-B33] 33.45 CFR 171.201.

[ocac194-B34] 34.85 Fed. Reg. 25813 (May 1, 2020).

[ocac194-B35] 35. Sachar C. HIPAA, privacy, and reproductive rights in a post-Roe era. JAMA 2022; 328 (5): 417–8. [DOI] [PubMed] [Google Scholar]

[ocac194-B36] 36. Biehle D. “Use of an Alias”. HCCAnet social network discussion thread. https://community.hcca-info.org/hcca/communities/community-home/digestviewer/viewthread?GroupId=124&MID=28287. Accessed September 9, 2022.

[ocac194-B37] 37. Clayton EW, Embí PJ, Malin BA.. Dobbs and the future of health data privacy for patients and healthcare organizations. J Am Med Inform Assoc 2023; 30 (1): 155–60. [DOI] [PMC free article] [PubMed] [Google Scholar]

[ocac194-B38] 38. US Department of Health and Human Services. HIPAA Privacy Rule and Disclosures of Information Relating to Reproductive Health Care. HHS.gov. June 29, 2022. https://www.hhs.gov/hipaa/for-professionals/privacy/guidance/phi-reproductive-health/index.html. Accessed September 9, 2022.

[ocac194-B39] 39. Wynia MK. Professional civil disobedience—medical-society responsibilities after Dobbs. N Engl J Med 2022; 387 (11): 959–61. [DOI] [PubMed] [Google Scholar]

PERMALINK

Protecting reproductive health information in the post-Roe era: interoperability strategies for healthcare institutions

Raman R Khanna

Sara G Murray

Timothy Wen

Kirsten Salmeen

Tushani Illangasekare

Nerys Benfield

Julia Adler-Milstein

Lucia Savage

Abstract

INTRODUCTION

SOURCES OF RISK

The EHR, health information exchanges, and secondary abstraction

Billing records

Laboratory, imaging, and pathology records

Medication

Patient portals

Server locations and legal custody

Overall risk

INSTITUTIONAL MITIGATION STRATEGIES

Table 1.

Reduce specificity of pregnancy and abortion documentation

Table 2.

Treat pregnancy and abortion care as highly protected information

Revise the institutional approach to data sharing

Identity protection

Parallel documentation

Offering “in house” services and billing, and data storage

Patient counseling

Beyond interoperability

CONCLUSION

FUNDING

AUTHOR CONTRIBUTIONS

CONFLICT OF INTEREST STATEMENT

Contributor Information

Data Availability

REFERENCES

Associated Data

Data Availability Statement

ACTIONS

PERMALINK

RESOURCES

Similar articles

Cited by other articles

Links to NCBI Databases