State governments looking to protect health-related data as it’s used in abortion battle

Some state governments and federal regulators were already moving to keep individuals’ reproductive health information private when a U.S. senator’s report last week offered a new jolt, describing how cellphone location data was used to send millions of anti-abortion ads to people who visited Planned Parenthood offices.

Federal law bars medical providers from sharing health data without a patient’s consent but doesn’t prevent digital tech companies from tracking menstrual cycles or an individual’s location and selling it to data brokers. Legislation for federal bans have never gained momentum, largely because of opposition from the tech industry.

Whether that should change has become another political fault line in a nation where most Republican-controlled states have restricted abortion — including 14 with bans in place at every stage of pregnancy — and most Democratic ones have sought to protect access since the U.S. Supreme Court in 2022 overturned Roe v. Wade.

Abortion rights advocates fear that that if such data is not kept private, it could be used not only in targeted ads but also in law enforcement investigations or by abortion opponents looking to harm those who seek to end pregnancies.

“It isn’t just sort of creepy,” said Washington state Rep. Vandana Slatter, the sponsor of a law her state adopted last year to rein in unauthorized use of health information. “It’s actually harmful.”

But so far, there’s no evidence of widespread use of this kind of data in law enforcement investigations.

“We’re generally talking about a future risk, not something that’s happening on the ground yet,” said Albert Fox Cahn, executive director of the Surveillance Technology Oversight Project and an advocate of protections.

The report last week from Sen. Ron Wyden, an Oregon Democrat, showed the biggest known anti-abortion ad campaign directed to people who had been identified as having visited abortion providers.

Wyden’s investigation found that the information gathered by a now-defunct data broker called Near Intelligence was used by ads from The Veritas Society, a nonprofit founded by Wisconsin Right to Life. The ads targeted people who visited 600 locations in 48 states from 2019 through 2022. There were more than 14 million ads in Wisconsin alone.

Wyden called on the Federal Trade Commission to intervene in the bankruptcy case for Near to make sure the location information collected on Americans is destroyed and not sold to another data broker. He’s also asking the Securities Exchange Commission to investigate whether the company committed securities fraud by making misleading statements to investors about the senator’s investigation.

It’s not the first time the issue has come up.

Massachusetts reached a settlement in 2017 with an ad agency that ran a similar campaign nearly a decade ago.

The FTC sued one data broker, Kochava, over similar claims in 2022 in an ongoing case, and settled last month with another, X-Mode Social, and its successor, Outlogic, which the government said sold location data of even users who opted out of such sharing. X-Mode was also found to have sold location data to the U.S. military.

In both cases, the FTC relied on a law against unfair or deceptive practices.

States are also passing or considering their own laws aimed specifically at protecting sensitive health information.

Washington’s Slatter, a Democrat, has worked on digital privacy issues for years, but wasn’t able to get a bill with comprehensive protections adopted in her state.

She said things changed when Roe was overturned. She went to a rally in 2022 and heard women talking about deleting period-tracking apps out of fear of how their data could be exploited.

When she introduced a health-specific data privacy bill last year, it wasn’t just lawyers and lobbyists testifying; women of all ages and from many walks of life showed up to support it, too.

The measure, which bars selling personal health data without a consumer’s consent and prohibits tracking who visits reproductive or sexual health facilities, was adopted with the support of nearly all the state’s Democratic lawmakers and opposition from all the Republicans.

Connecticut and Nevada adopted similar laws last year. New York enacted one that bars using tracking around health care facilities.

California and Maryland took another approach, enacting laws that prevent computerized health networks from sharing information about sensitive health care with other providers without consent.

“We’re really pushing forward with the free-flowing and seamless exchange of health care data with the intend of having information accessible so that providers can treat the whole person,” said Andrea Frey, a lawyer who represents health care providers and digital health systems across. “Conversely, these privacy concerns come into play.”

Illinois, which already had a law limiting how health tracking data — measuring heart rates, steps and others — can be shared, adopted a new one last year that took effect Jan. 1 and that bans providing government license plate reading data to law enforcement in states with abortion bans.

Bills addressing the issue in some form have been introduced in several states this year, including Hawaii, Illinois, Maine, Maryland, Massachusetts, Missouri, South Carolina and Vermont.

In Virginia, legislation that would prohibit the issuance of search warrants, subpoenas or court orders for electronic or digital menstrual health data recently cleared both chambers of the Democratic-controlled General Assembly.

Democratic Sen. Barbara Favola said she saw the bill as a necessary precaution when Republican politicians, including Virginia Gov. Glenn Youngkin, have sought restrictions on abortion.

“The next step to enforcing an abortion ban could be accessing menstrual health data, which is why I’m trying to protect that data,” Favola said in a committee hearing.

Opponents asked whether such data had ever been sought by law enforcement, and Favola responded that she wasn’t aware of a particular example.

“It’s just in search of a problem that does not exist,” said Republican Sen. Mark Peake.

Youngkin’s administration made it clear he opposed similar legislation last year, but his press office didn’t respond to a request for comment on where he stands on the current version.

Sean O’Brien, founder of the Yale Privacy Lab, says there is a problem with the way health information is being used, but he’s not sure laws will be the answer because companies could choose to ignore the potential consequences and continue scooping up and selling sensitive information.

“The software supply chain is extremely polluted with location tracking of individuals,” he said.

___

Mulvihill reported from Cherry Hill, New Jersey. Associated Press reporters Frank Bajak in Boston and Sarah Rankin in Richmond, Virginia, contributed to this article.