Concerns have been raised about the fact that crisis pregnancy centers, many of which are connected to nationwide anti-abortion networks, are gathering people’s data but are not subject to data privacy regulations in the aftermath of moves to outlaw abortion throughout the U.S.
There are 85 crisis pregnancy centers in Minnesota, the majority of which are unlicensed, faith-based medical facilities that work to discourage people from getting an abortion.
Attorney General Keith Ellison issued a consumer advisory on crisis pregnancy centers on Monday, cautioning that the workers there may provide false information about abortion and contraception and often do not deliver the services they advertise.
Results from a Post Bulletin study published earlier this month were in line with Ellison’s warning.
For individuals suffering unwanted pregnancies, the facilities provide free treatments including ultrasounds, pregnancy testing, and counseling sessions to explore pregnancy alternatives.
Numerous crisis pregnancy clinics have benefited from money granted via Minnesota’s Positive Alternatives Grant Program since 2005, which has contributed over $3 million yearly to help with unintended pregnancies.
With the exception of the Minnesota Health Records Act, which only applies to the 27 centers that receive funding from the state, the facilities are not regarded as clinics by regulators and are not legally required to adhere to the provisions of the Health Insurance Portability and Accountability Act or Minnesota Health Records Act regarding patient privacy.
Greg Myers, a health law attorney based in Minneapolis, said that this puts confidential patient health information at danger of disclosure. According to him, revealing a patient’s pregnancy status or choice to obtain an abortion could not result in HIPAA-related repercussions for a crisis pregnancy center.
They have no obligations under HIPAA, according to Myers, a partner at Lockridge Grindal Nauen P.L.L.P. who specializes in HIPAA compliance. There can be privacy breaches involving clients.
The regulations of First Care Pregnancy Center, a crisis pregnancy center with locations in Rochester and the Twin Cities metro area, are compliant with HIPAA, according to Tammy Kocher, executive director.
Everything must be handled in complete confidence, according to our standards and procedures, Kocher stated. “We need a formal release of information from the patient if they want to have their data provided to themselves (or a provider).”
Although First Care Pregnancy Center and other facilities state on their websites that patient information is confidential, Myers said this compliance is voluntary and he is doubtful that the facilities could protect a patient’s information in the same way that a licensed medical facility could, for example, if they were sued.
According to Myers, HIPAA regulations demand that parties in civil litigation who possess protected health information enter into a protective order requiring them to maintain the privacy of the information, use it only in connection with the litigation, and make sure it is destroyed or returned at the conclusion of the case.
While crisis pregnancy centers may create their own protective orders in this situation, he said, they would not be able to use HIPAA for protections if challenged or if the protective order is broken.
Anyone may agree to abide with HIPAA, according to Myers. The problem will be how they go about doing it. Would they truly be able to keep your information secret if it came down to it?
For this report, The Post Bulletin emailed all 85 crisis pregnancy clinics in Minnesota to inquire about their concerns about data privacy. Only Kocher answered.
First Care Pregnancy Center has certified medical practitioners on staff, thus those people would be subject to data privacy rules even though the institution as a whole is not obligated by HIPPA. However, only a small percentage of Minnesota crisis pregnancy facilities have medical personnel.
In Minnesota, Gender Justice in St. Paul is one of the law and policy institutions striving to promote gender equality. According to a 2021 study regarding crisis pregnancy clinics, “just 9% of the centers claim to have a physician and only 20% say they have a registered nurse on staff.”
Myers said that since individual staff members would not be subject to HIPAA or state regulatory bodies like the Board of Medical Practice or the Board of Nursing, institutions without certified medical professionals would have even less monitoring.
The pro-life group Minnesota Citizens Concerned for Life, which promotes the centers on their website, said it lacked precise data on the amount of crisis pregnancy staff members who had medical licenses.
According to Scott Fischbach, executive director, “I don’t believe that anybody who goes to a maternity care center has to have a fear about privacy or record keeping.” The care facilities have always done a great job of giving those people total privacy.
When questioned about privacy issues, Fischbach said that he thought visiting an abortion facility posed a bigger privacy risk.
In Minnesota, Fischbach said, “There are no regulations truly governing the practice and we don’t have any licensing limits of abortion clinics.” It is thus doubtful if they will adhere to HIPAA rules, in my opinion.
According to Asha Hassan, a researcher at the University of Minnesota’s Center for Anti Racism Research for Health Equity, “This is a really fascinating premise that on its face isn’t accurate.”
Hassan said that Minnesota facilities are obliged by law to guarantee abortion patients meet with a registered medical physician subject to data privacy rules, making abortion doctors and clinics among of the most strictly regulated in medicine.
Medical assistants, nurses, and physicians often work as abortion care providers, Hassan said. Medical assistants help with vitals, rooming, and intake; they are often not certified. She said that although registered nurses are permitted to provide counseling, only licensed physicians and advanced practice clinicians are permitted to carry out and prescribe for abortions.
At each one of Minnesota’s eight active abortion facilities, a licensed practitioner will always visit the patient, according to Hassan.
Critics contend that there is more at risk than simply one center collecting a patient’s information without providing a guarantee of privacy, pointing to the interconnectedness of many of the country’s crisis pregnancy clinics.
One of these networks, according to a 2019 investigation by the London-based privacy group Privacy International, advertises to its members proprietary software designed to break down, in the words of the researchers, “data silos connecting anti-abortion facilities internationally.”
Heartbeat International, a company established in Ohio, claims on its website that “we think we’re better together, and so is our data” and promotes a content management system that “harnesses the power of big data” and allows users to “input and access information anywhere at any time.”
The Post Bulletin contacted Heartbeat International for comment, but they didn’t get back to them.
According to its website, Heartbeat International, an anti-abortion group that calls itself “interdenominational Christian” and supports more than 3,000 linked pregnancy care centers worldwide, has 53 affiliate members in Minnesota.
According to the Privacy International research, the Heartbeat International software “appears to unify what questions individuals are asked when seeking a center’s aid” and to consolidate the data that visitors to anti-abortion facilities are requested to supply during their visit.
It was also mentioned that the content management system aims to compile information on visitors to a crisis pregnancy center’s name, address, email address, ethnicity, marital status, living situation, use of alcohol and drugs, and medical history, including history of sexually transmitted diseases.
By stating that “the data your organization gathers has to function not just for you but for the rest of the maternity support movement,” a software web page recognized by Privacy International encourages its shareability.
The Heartbeat International Option Line, a 24-hour hotline and online chatbot in which customers are requested to submit name, location, demographic information, and what they want to do with the pregnancy, also drew criticism from the privacy researchers.
Although it’s unclear how many crisis pregnancy clinics there are in Minnesota, the statistics do include Redwood Falls’ Choices Pregnancy Center, which gets state funding under the Positive Alternatives Grant Program.
In central and southern Minnesota, billboards also advertise The Option Line.
Heartbeat International claimed to Privacy International that it protected patient data and only utilized it in a de-identified form. However, the privacy advocates pointed out that it was not apparent how and by whom such de-identification was carried out.
An anti-abortion group called the National Right to Life Committee published a draft bill in June called the Post-Roe Model Abortion Law that legislators could adopt if they wanted to make abortions and anyone “conspiring to cause, assisting or abetting unlawful abortions” illegal.
Although there has not yet been any proof that crisis pregnancy centers have shared a patient’s private information outside of a facility, Laura Dodge, a professor of obstetrics and gynecology at Harvard University, expressed concern about the centers’ access to large amounts of sensitive data due to the alarming possibility of a “data dump.”
“They may send over significant volumes of data on many, many customers and not just on a case by case basis,” Dodge added. “A crisis pregnancy center does not have the same level of protection for your health information that a registered medical institution does.”
First Care Pregnancy Center’s Tammy Kocher said that her organization would never knowingly distribute patient information without the patient’s express written authorization. Crisis pregnancy centers may be required to give over information in response to a lawsuit or police search order, despite their best efforts to safeguard privacy, according to health care lawyer Greg Myers.
Myers argued that although HIPAA-bound providers are not immune to search warrants, HIPAA only mandates that they divulge protected health information in certain situations, unlike crisis pregnancy clinics who would be unable to invoke HIPAA’s limits as an argument.
As this would be unusual, Kocher added, “we would call our counsel to evaluate what we are legally compelled to cooperate with” if police enforcement obtained documents through a search order.
Myers advised people to go to registered, regulated clinics that must abide by data privacy rules. Patients who are interested in visiting a crisis pregnancy center should do so in a state-funded facility because they are obligated by the Minnesota Health Records Act, which forbids health care facilities from disclosing patient information without the patient’s permission.
Our current situation is questionable, according to Myers. Dealing with a healthcare professional who is regulated offers so much more value.