The Intersection of Healthcare, Privacy, and Technology
In the whirlwind that has been caused by the recent decision by The Supreme Court of the United States to overturn the landmark Roe V. Wade case, many citizens around the country are concerned about the privacy of their personal healthcare information. Despite the fact that the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently released new privacy guidelines that prohibit healthcare providers from disclosing the healthcare information of their patients unless a very narrow set of circumstances are met, the various privacy and healthcare laws that are on the book in states around the country have created a lot of ambiguity concerning the legality of disclosing Protection Healthcare Information (PHI).
Information Blocking Rule
In addition to the Health Insurance Portability and Accountability Act (HIPAA), as well as the Health Information Technology for Economic and Clinical Health Act (HITECH), one of the primary federal regulations that govern the collection and dissemination of the healthcare information of U.S. patients is The 21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program, also known as the Information Blocking Final Rule. Generally speaking, the Information Blocking Rules serves to enhance the facilitation and transmission of healthcare information between doctors, patients, and relevant third parties. To this point, the law forbids doctors, nurses, and healthcare IT providers from developing policies that would be likely to interfere with the access or exchange of Electronic Healthcare Information (EHI).
Exceptions to the law
While the Information Blocking Rule makes it illegal for healthcare providers to take steps that would prevent their patients from sharing or accessing their healthcare information, there are 8 exceptions to this rule. In the context of the overturning of the Roe V. Wade case, the privacy exception that is outlined in the Information Blocking Rule is of the most relevance. As stated in the law “it will not be information blocking for an actor to interfere with the access, exchange, or use of EHI in order to protect the security of EHI, provided certain conditions are met.” Subsequently, what constitutes these certain conditions has led to concerns from privacy advocates around the U.S.
Google and data security
As major corporations such as Google have become intertwined with the accessing and sharing of personal information due to the role they play in our current society, privacy advocates argue that Google’s massive trove of location data can be used to infringe on the healthcare and reproductive privacy rights of the American people, regardless of any legislation that would seem to contradict such practices. For example, a woman that is looking to receive an abortion in a U.S. state that is looking to outlaw the practice could have their information sent to a law enforcement agency due to the location data they provide to Google via their cellphone.
In spite of the fact that this woman’s healthcare providers should theoretically be able to block such a request to access this personal information in accordance with the Privacy Exception of the Information Blocking Rule, there is currently a great level of grey area regarding the matter. In response to concerns that American citizens and privacy advocates alike have raised in relation to Google’s ability to seamlessly access location information, the corporation stated in July of 2022 that they were modifying its data collection and processing practices to both identify and delete location data for U.S. citizens that visit places deemed as “particularly personal.”
Ambiguous privacy standards
More specifically, Google defines places that are “particularly personal” to include “medical facilities such as abortion clinics, fertility centers, counseling centers, domestic violence shelters, addiction treatment facilities, weight loss clinics, cosmetic surgery clinics, and others.” Notwithstanding the changes that Google plans to make in terms of the way the company manages the location data of American citizens, the new privacy guidelines that were released by the HHS OCR in June of 2022 do permit law enforcement agencies to request access to EHI when such a request “pursuant to the process and as otherwise required by law.”
As the overturning of Roe V. Wade impacts a multitude of factors that currently influence American society, including access to healthcare, data protection, civil rights, and technology services, among a host of others, the impact of the decision will continue to unravel for years to come. Likewise, the ability for American citizens to be prosecuted in conjunction with personal information pertaining to them that has been collected and obtained by third parties such as Google is a notion that has no precedent in U.S. history. Nevertheless, protecting the privacy and healthcare reproductive rights of American citizens must remain at the forefront of all of our minds, as the overturning of legislation does not mean that the lives of innocent people must be put at risk.