This is a rapidly shifting legal space, so please be aware that this information may not be current. When exploring medical privacy issues, it's very useful to have an overview of the laws that affect control and privacy of medical information. We encourage you to read our legal overview.
Abortion reports present a conundrum in the health information legal scheme. An abortion facility may or may not be a covered entity under the Health Insurance Portability and Accountability Act (HIPAA), depending on whether it transmits any health information electronically. If a facility is covered, the information in an abortion report is probably Protected Health Information (PHI), and also probably needs to meet HIPAA de-identification standards. If so, abortion reports cannot be properly “de-identified” under HIPAA because they generally ask for information about the county where the patient resides.
That said, many states have put reporting rules in place, and providers will usually seek to comply.
Mandated and permissive abortion reporting
Most states that allow abortions 1 require abortion facilities to report on abortions that they perform. These reports can hold sensitive information about people seeking abortion services, but who receives these reports and who has access to them later?
Generally, state departments of public health collect the reports, although in some states they may go to the department of vital statistics. Reporting this information to the Centers for Disease Control (CDC) is not mandatory, but the majority of states do report. The CDC aggregates the data into annual Abortion Surveillance Reports.
In California, the state does not report abortion data publicly. California may also be unique in having a Reproductive Privacy Act, which affirms that "every individual possesses a fundamental right of privacy with respect to personal reproductive decisions." Well before that act’s passage, courts already relied on California’s constitutional right to privacy in upholding the right of patients insured by Medicaid to obtain an abortion, and the right of minors to have an abortion without parental consent. Even further, after the Supreme Court overturned the federal right to abortion, Californians overwhelmingly voted in favor of Proposition 1, which amended the state constitution to codify abortion rights.
Abortion reporting forms
State reporting forms require different information, which may include any of the following:
- identification of the facility where the abortion was performed
- method of payment
- demographic characteristics
- reason for the procedure
- whether the fetus was viable,
- whether other state requirements for counseling, parental involvement, or trans-vaginal ultrasound were met.
While the reporting form does not include the patient’s name, the demographic data is so extensive that it would not take great skill to identify the individual, particularly in a small town. Along with the facility where the procedure was performed and the name of the physician, all forms ask for the patient’s age, race, ethnicity, marital status, and number of previous live births.
Public records requests and abortion reporting
The possibility that state abortion reports can be re-identified is concerning because these forms may be subject to disclosure as public records under state sunshine or freedom of information laws. Historically, abortion reports have been wielded by anti-abortion activists, with violation of patients’ privacy as collateral damage. Three news stories from the past decade highlight the problems involved.
In one instance, an anti-abortion activist in Seattle filed a public records request with the state Department of Health for abortion reports from six clinics. When the Department’s attorneys determined that the state’s public records law required it to release information about patients’ city of residence, age, ethnicity, abortion history, and the date and location of each abortion, Planned Parenthood and other clinics requested and were granted a temporary order to prohibit the release of information specific to a particular clinic and to prevent patients’ hometowns or dates of treatment from being disclosed. Further action is pending in state superior court.
Similarly, Operation Rescue instigated a hearing with the New Mexico Medical Board into the conduct of a doctor who performed a late-term abortion that resulted in complications. The medical board panel conducting the investigation has the authority to subpoena patient records with or without a patient's consent, and is exempt from HIPAA. Because the Medical Board is a state agency, its proceedings are public. Transcripts from the hearing where a Medical Board prosecutor accused the abortion doctor of gross negligence resulted in disclosure of the patient’s detailed treatment information, mental state, religion, city of residence, and family status, although not her name. The doctor was exonerated in February 2013, almost two years after the abortion was performed.
In Pennsylvania, an anti-abortion activist attempted to use public records laws to publicize the names and license numbers of reproductive health workers working at abortion clinics across the state. Pro-abortion advocates have noted that this is one example of the anti-abortion movement wielding public records laws to bully, harass, and intimidate abortion providers. In 2015, ProPublica reported on the stakes of anti-abortion activists’ maneuvering of public records for the privacy of patients and providers.
Protecting abortion records
It’s not clear what more could be done to de-identify state abortion-report data, while still enabling it to generate what are considered necessary public health statistics. In the context of legal proceedings, however, it's worth considering closed hearings where transcripts are redacted or kept confidential to protect the privacy of patients.
More generally, California also has expanded protections for abortion data privacy. After Dobbs, the legislature passed a bill that creates an abortion and gender-affirming health exception to an existing law that requires health care providers to disclose certain kinds of medical information to particular entities. Other laws limit the authority of California courts to compel disclosure of reproductive health data. More information about how California is working to safeguard the privacy of abortion patients can be found here. Ultimately, broader information privacy laws will be crucial for protecting the privacy rights of abortion patients in the wake of Dobbs.
- For more information on abortion laws in California, see the website Californiaabortionlaw.com, and a publication offered on the site, Abortion in California: A Medical-Legal Handbook.
- The Guttmacher Institute tracks sexual and reproductive health issues worldwide. You can find U.S.-specific information concerning abortion in Guttmacher’s State Policies in Brief: Abortion Reporting Requirements, and California-specific information in State Facts About Abortion: California. Note that these resources are in the process of being updated in light of Dobbs.
- The U.S. Department of Health and Human Services has a "Guidance Regarding Methods for De-identification of Protected Health Information in Accordance with the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule." HHS also issued updated guidance on protecting reproductive healthcare data, clarifying that providers are not required to disclose information to third parties, after Dobbs.
- 1. Exceptions are California, New Jersey, and New Hampshire. Maryland has not collected abortion data since 2006.