The Yale Law Journal

VOLUME
132
2022-2023
Forum

The Abortion Interoperability Trap

18 Oct 2022

abstract. Legislatures in blue states are trying to shield patients’ medical records from being used against them in antiabortion litigation and persecutions. The problem is, as medical records increasingly follow the patient, those records are likely to end up in the hands of actors who are not subject to safe-haven laws and who can easily be required to hand over the records to law enforcement or private litigants. Legislatures, policymakers, and private actors should all take steps to close the loopholes that allow this.

Introduction

There is a serious gap in blue states’ efforts to create abortion “safe havens” for the post-Roe world. Medical care procured outside a patient’s home state increasingly leaves a digital trail that will easily make its way back to the patient’s domicile. In the context of abortion—and other controversial forms of healthcare, like gender-affirming treatments—this means that cutting-edge legislative protections for medical records fall short.

In advance of the anticipated fall of Roe v. Wade,1 some state legislatures began to bar in-state medical providers from directly handing over abortion records for use in out-of-state lawsuits or prosecutions in an effort to protect abortion seekers and providers.2 After the Supreme Court’s decision in Dobbs v. Jackson Women’s Health Organization,3 more states are joining the fray.4 But these laws fail to recognize two important things. First, medical records are increasingly “interoperable,” which means they are stored in forms that make it logistically easy to exchange them across different technological systems and providers. Second, newly on the books are important federal regulations that aim to improve and promote the seamless flow of medical records. Because of these two changes, patient records are now widely shared across state lines in the ordinary course of business—and nothing will protect those records from use by antiabortion actors once they are in the hands of out-of-state providers. The result is a loophole that risks swallowing the protection that these new state laws attempt to offer.

For example, say a patient from Louisiana travels to a Connecticut medical practice for abortion services. Under current state law, if the Connecticut practice shares records of the patient’s abortion at their facility with a doctor in the patient’s home state—even if the patient objects to such sharing or the Connecticut practice knows that those abortion records would likely be used to prosecute the patient in Louisiana—that would not violate any privacy law. On the other hand, a doctor who withheld such abortion records would likely risk violating the law. Accordingly, lawmakers must act now to address this “interoperability trap.” Independent of such legislative efforts, clinics and providers who care about patient privacy and autonomy would be well advised to adopt internal policies that go well beyond what is legally required to help protect their patients’ abortion records from disclosure.

* * *

Beginning with Justice Amy Coney Barrett’s appointment in 2020, observers on both sides of the abortion question anticipated a major change in the Supreme Court’s treatment of the subject.5 The result was a federalism arms race on abortion that has only accelerated since Dobbs overturned Roe. Post-Dobbs, states are now jockeying to prohibit or protect abortion within their borders and to define the playing field for interstate abortions. For example, some antiabortion activists and legislators seek not only to eliminate abortions within their states, but also to prevent residents from traveling to get abortions where they are legal and to penalize those in other states who facilitate such out-of-state abortions.6 While no state has yet expressly enacted such a law, they have been proposed in state legislatures. And a few cities, declaring themselves “sanctuary cit[ies] for the unborn,” have adopted ordinances that purport to bar residents from obtaining abortions regardless of where the abortion occurs.7 Antiabortion lawmakers have also threatened litigation and legislative action against those who help facilitate interstate abortions.8 In response to these dynamics, blue states—with Connecticut leading the charge—are endeavoring to become “safe havens” for abortion care, crafting equally broad laws that aim to shield those who obtain, perform, or facilitate abortions within their states from being prosecuted or sued elsewhere.9 These dynamics are poised to escalate, and there is every reason to think that more states will enter the fray.

Current protective safe-haven laws recognize that abortion records are poised to become a politicized litigation tool, but they do not go far enough in protecting those records.10 Connecticut’s new law, for instance, prohibits providers from handing over abortion records in response to subpoenas related to formal legal proceedings,11 but it misses a crucial piece of the puzzle: medical records are widely shared across state lines to facilitate patient care. This kind of sharing is permitted without patient consent under the Health Insurance Portability and Accountability Act of 1996 (HIPAA)—which, notwithstanding its reputation as a source of privacy protection, is, in actuality, primarily structured to promote the “portability” of medical information among medical providers, payors, and other healthcare-related entities.12 Even more importantly, new health laws go beyond HIPAA’s permissive approach to medical-records sharing. Indeed, records sharing is increasingly required by federal law thanks to new, deep-in-the-weeds rules intended to further promote interoperability and dissuade so-called “information blocking.”13

This effectively means that when a patient who has had an out-of-state abortion receives any subsequent medical care—abortion-related or not—in her state of residence, the odds are high that her home-state providers will access and incorporate her entire medical record into their own records. And in the likely event the home-state provider is not covered by a law like Connecticut’s, her records will be easily obtained in litigation. The result would be exactly what safe-haven legislators seek to prevent: slam-dunk evidence that could be used in out-of-state litigation to punish abortions.

To put the problem more crisply: imagine that Jane Doe, a resident of Missouri, gets an abortion in Connecticut. She then returns home to Missouri, where, under a pending bill, it would be

unlawful for any person to perform or induce, or to attempt to perform or induce, an abortion on a resident or citizen of Missouri, or to aid or abet, or attempt to aid or abet, an abortion performed or induced on a resident or citizen of Missouri, regardless of where the abortion is or will be performed.14

Or imagine she is from Louisiana, where abortion, under recently considered legislation, would be classified as murder.15 In either scenario, even if the new Connecticut law would prevent Jane Doe’s Connecticut abortion providers from giving her medical records to prosecutors or litigants in her home state, those prosecutors or litigants could circumvent this protection by subpoenaing any other provider with access to her abortion records.16

Finally, while this Essay focuses primarily on abortion, its implications reach any other area in which medical records may be weaponized in lawsuits or prosecutions—including, most urgently, gender-affirming medical treatment for children, where similar federalism battles are beginning to play out. As a few states seek to criminalize or otherwise penalize gender-affirming care for minors, other states are beginning to position themselves as “safe havens” for those patients and their families.17 California, for instance, recently enacted legislation related to gender-affirming medical treatment for patients under eighteen that closely parallels the Connecticut abortion law, including protections for medical records related to such treatment.18 That legislation, given the interoperability of medical records, contains the same loophole through which other future providers could pass along those records in litigation. For affected patients and their families, the stakes could hardly be higher. If states seek to promote themselves as safe havens that will protect medical records, that protection must be more than illusory.

The Essay proceeds as follows. Part I provides an overview of the emerging wild west of legislation regarding interstate abortion litigation, in which some jurisdictions seek to prohibit abortion even outside their borders while others seek to protect it within their own. It also provides a brief overview of similar efforts with regard to gender-affirming care. Part II lays out the gap in these efforts: the “interoperability trap.” It describes states’ efforts to protect medical records, then explains why those efforts are insufficient in light of the move toward records that follow the patient. It also explains why other sources of potential protection—namely HIPAA and the Fourth Amendment—do not solve the problem. Finally, Part III delves into potential solutions, including steps that states, federal regulators, and private entities could take to better protect records for contested procedures without unduly burdening patient care.

I. the coming healthcare federalism wars

The interjurisdictional abortion wars are here. Once the Supreme Court eliminated constitutional protections for abortion,19 many previously permitted abortions were immediately rendered illegal in three states.20 Although other similar state laws have since gone into effect,21 the landscape is anything but certain for those who seek abortions.22 The predictable result is that those who are pregnant will increasingly seek abortions across jurisdictional boundaries—and indeed, this is already happening.23 Just as predictably, some states will try to prohibit their residents from obtaining out-of-state abortions. Those who seek or provide abortions are likely to be subject to an ever-changing sea of rules intended to persecute or protect them.

A brief overview of this federalism arms race is in order. To start, some states are already seeking to impose liability on out-of-state actors who help with abortions. On the civil side, statutes that do not expressly address extraterritorial abortions could nevertheless sweep broadly. For instance, the “Texas Heartbeat Act” (commonly referred to as S.B. 8), a civil statutory scheme that deputizes private citizens to sue those who seek abortions, extends liability to those who “aid[] or abet[]” an abortion after the fetal heartbeat is detected or intend to do so.24 Oklahoma recently enacted a similar statute, under which anyone who “aids or abets” an abortion or intends to do so, including by providing insurance reimbursement, can be sued.25 Though these statutes do not expressly discuss out-of-state abortions, they purport to apply to abortions performed by any physician licensed in the state—which can include dual-licensed doctors practicing elsewhere.26 There is, moreover, a live debate about how broadly such laws can apply to out-of-state actors who aid in-state abortions and in contexts where women leave their home states to seek an abortion.27

Additionally, there is good reason to think that the near future will see more express efforts to prevent pregnant people from traveling to states where abortion is legal. Missouri, for instance, recently considered a bill that would expressly impose civil liability on anyone who helps a Missouri resident travel out of state to get an abortion.28 A legislative caucus in the Texas House of Representatives accused the law firm Sidley Austin and its partners as individuals with felony criminal liability for paying for employees’ abortion-related travel costs.29 Criminal prohibitions on abortions, the caucus argued, also included drug-induced abortions if “any part of the drug regimen is ingested in Texas, even if the drugs were dispensed by an out-of-state abortionist.”30 In the same letter, they announced plans to impose an array of additional civil and criminal sanctions on firms that pay for abortions or abortion travel, including, for instance, introducing a provision requiring disbarment of lawyers who fund abortions, and another that “will allow private citizens to sue anyone who pays for an elective abortion performed on a Texas resident.”31 More broadly, some conservative legal organizations are drafting model legislation designed to prohibit cross-state abortions, and lawmakers in an array of states have expressed interest in introducing such laws.32

Criminalization is also on the horizon. The law regarding a state’s ability to prosecute out-of-state criminal conduct is surprisingly unsettled.33 The bottom line, however, is that there will be serious efforts to criminalize abortion, aiding or abetting in obtaining or providing an abortion, and traveling out of state to get an abortion.34 Furthermore, there is sufficient ambiguity in the legality of such efforts for states to at least attempt to undertake prosecutions of residents who travel to get abortions, either under laws prohibiting abortion generally or under laws expressly addressing interstate travel.35 While there are serious arguments that these interstate prosecutions would pose constitutional or jurisdictional problems—indeed, the Supreme Court has suggested as much, albeit in dicta and while Roe was still on the books36—such arguments are by no means ironclad or settled.

The limitations, if any, on states’ ability to regulate with respect to these issues across jurisdictional boundaries remain largely uncharted. Although Justice Kavanaugh suggested in his Dobbs concurrence that the “right to interstate travel” would cabin states’ ability to prohibit women from seeking out-of-state abortions,37 that is far from a foregone conclusion. Neither the other four Justices who joined the majority opinion nor Chief Justice Roberts suggested the same, and the Constitution does not expressly identify the right to interstate travel.38 Moreover, the scope of the “right to travel” is far from well defined, even outside the abortion context.39 And a number of potential interstate issues—like efforts to penalizing out-of-state providers or insurers—do not obviously implicate the right to travel in the first place.

In response, other states are positioning themselves as safe havens for those seeking abortions. Even before Dobbs, sixteen states and the District of Columbia had codified the right to an abortion,40 thereby protecting abortion in the (now realized) event that Roe should be limited or overruled. Now, states are taking further steps to protect those who enter their borders to receive abortions, as well as providers who treat such patients. For example, in May 2022, Connecticut enacted a new law that allows for a private right of action when a judgment is “entered against such person . . . where liability, in whole or in part, is based on” an abortion that would be lawful in Connecticut.41 In other words, if someone sues an individual for aiding an abortion, that individual can countersue to recover their damages. The new Connecticut law also includes liability shields and prohibitions on using state resources to aid in interstate abortion litigation.42 Connecticut’s law is now serving as a model for other jurisdictions, such as Washington, D.C.43

Other states take different approaches. For example, a recent New York bill would provide funding to abortion providers in order to “increase access to care” by “growing the capacity of abortion care providers to meet present and future care needs.”44 In California, a recently enacted law provides grants to provide “practical support,” including “airfare, lodging, . . . [and] gas money . . . to help a person access and obtain an abortion.”45 Finally, a recently enacted New Jersey law would prohibit the state from extraditing an individual if the individual’s crime relates to the “termination of a pregnancy.”46 These states are seeking to protect their providers as well as anyone who seeks an abortion within the state.

Similar dynamics are playing out with respect to another politically contested form of medical care: gender-affirming care for transgender children. Several states have either passed laws47 or introduced bills48 subjecting medical professionals to discipline for providing gender-affirming care for young people. Additionally, more dramatic efforts to criminalize providing or facilitating gender-affirming care for minors are ongoing. In February 2022, Texas’s governor issued a directive to the state Department of Family and Protective Services classifying “sex change” procedures as “child abuse under existing Texas law” and instructing the agency “to conduct a prompt and thorough investigation of any reported instances” of gender-affirming care.49 After a brief pause in response to an injunction, that directive is again being enforced.50 Alabama’s governor recently signed a law making it a Class-C felony for any person to “engage in or cause any [gender-affirming care] to be performed upon a minor.”51 Under a similar bill in Oklahoma, a parent or provider could be punished with life imprisonment and a $20,000 fine.52

Unsurprisingly, in the face of these laws, some families of transgender children intend to seek care in friendlier states.53 As with abortion, those states have taken steps to create safe havens for transgender children, their parents, and their doctors. The Washington, D.C., abortion bill, for instance, would provide identical protections related to gender-affirming care.54 New York’s and Minnesota’s legislatures have recently introduced protective bills that would also prohibit the use of subpoenas under these circumstances and would protect parental rights lost or threatened in other states.55 The New York bill would bar local law enforcement from cooperating with related interstate proceedings,56 and the Minnesota bill would void out-of-state warrants issued based on gender-affirming care.57 California’s legislature has also introduced a bill that would prevent local law enforcement from arresting an “individual pursuant to an out-of-state arrest warrant for violation of another state’s law against providing, receiving, or allowing a child to receive gender-affirming health care.”58 As with the abortion bills, blue states’ approach is generally to thwart red-state efforts to penalize their citizens for providing, facilitating, or receiving gender-affirming treatments for children in states where that care is legal and to protect in-state providers.

The bottom line is that some states are undertaking serious efforts to shield those who receive contested medical procedures such as abortion and gender-affirming care that are legal within their borders from long-arm prosecution elsewhere. As the next Part discusses, however, there is a significant gap in these efforts—specifically in the statutory provisions that aim to shield medical records.

II. the interoperability trap

As one component of their efforts to create safe havens for abortion, a few state legislatures have attempted to protect medical records from being used against patients in litigation intended to punish obtaining or providing abortions. The problem is that these efforts fail to protect records once they leave the hands of an in-state provider. Given the current technological and regulatory backdrops, this is an enormous oversight.

Connecticut’s safe-haven protections for abortion medical records are a notable example. With respect to the medical information it covers, the statute is phrased broadly: it bars covered entities from disclosing “any communication made to such covered entity, or any information obtained by such covered entity from [] a patient [or their representatives] relating to reproductive health care services . . . that are permitted under the laws of this state,” as well as “any information obtained by personal examination of a patient relating to reproductive health care services” without specific written consent.59 The list of covered actors is also quite broad. In accordance with HIPAA, “covered entities” include health plans, healthcare clearinghouses, and healthcare providers who transmit electronic health information related to transactions covered by HIPAA.60The Connecticut statute is also phrased relatively broadly with respect to the proceedings to which it applies: any “civil action or any proceeding preliminary thereto” or “any probate, legislative or administrative proceeding.”61 These general provisions plainly aim to provide broad protections for sensitive records that could be powerful evidence against providers or patients.

Other states’ safe-haven bills and statutes similarly attempt to protect health information with respect to abortion and/or gender-affirming care for children. The proposed D.C. law, for instance, would prevent the District from providing “any information . . . in furtherance of any interstate investigation or proceeding” based on abortion or gender-affirming care.62 The Minnesota bill would render a “subpoena issued in another state” unenforceable if it seeks “information about a person or a person’s child” who received gender-affirming care locally.63 The New York bill would specifically protect documentation about medical procedures and would prevent local law enforcement from providing information “regarding the provision of” gender-affirming treatment performed in the state.64 Finally, California’s safe-haven law prohibits the issuance of a subpoena if it “would require disclosure of [medical] information related to sensitive services” and “is based on the violation of another state’s laws” about gender-affirming healthcare for children.65

Importantly, these laws are generally limited to preventing providers and other covered parties from directly sharing information in formal proceedings. They offer no protection against sending records across state lines for purposes of patient care and, therefore, do not fully protect abortion and gender-affirming care records from being used in litigation. The reason is simple: in-state providers subject to a safe-haven law will, in the ordinary course of business as their patients seek care in other states, share medical records with out-of-state providers66 who are not subject to that law and who can therefore easily be asked to hand over the records in litigation.67 This gap in protection is abortion’s interoperability trap. Under it, abortion records otherwise protected by a safe-haven law might be easily obtained in litigation from any other state where the patient subsequently receives care, abortion related or not. Needless to say, the odds that a patient will subsequently receive care in her home state are high.

Therein lies the rub: even assuming a maximally protective interpretation of a state law protecting abortion medical records (i.e., assuming that such a law would be interpreted and upheld as preventing providers and other covered entities from handing over the patients’ information in civil or criminal proceedings), it will not reduce the flow of abortion records between and among healthcare providers, including out-of-state providers that are not subject to another’s privacy laws. In the developing medical-records ecosystem, this gap creates an enormous loophole, one which—if weaponized by antiabortion litigants—would swallow the protections the legislation purports to offer.

A. The Regulatory Push Towards Records Sharing

This gap in legal protection poses a problem that would be important even if interstate records sharing were relatively rare, as it was in the past. However, the gap’s practical effect is seriously compounded by the way in which the legal and technological ecosystem of medical records is evolving towards seamless transfer.68 Medical records are more easily and widely shared than ever before, and regulatory changes that went into effect in 2021 and now apply to all electronic personal health information, rather than just a narrow subset of specific datapoints,69 have significantly shifted the incentives for those with access to medical records to begin sharing those records far more widely. In short, in many situations, both those who operate electronic medical-records systems and providers who use them are effectively required by law to send medical records to other treating providers.70 The exceptions to this default rule—for instance, to respect patient consent—are permissive, not mandatory,71 and are narrowly framed.72 In practice, it is increasingly implausible that the medical records from a patient’s abortion care would reliably remain in the hands of one particular provider or in one state.

Policymakers have long had a goal of easy and widespread transfer of electronic medical records across healthcare practices. In 2016, as part of the 21st Century Cures Act, Congress enacted a statutory prohibition on providers, technology developers, and other actors from “information blocking”—that is, from engaging in practices that are “likely to interfere with, prevent, or materially discourage access, exchange, or use of electronic health information.”73 The law is intended to counteract perverse incentives that healthcare providers and information-technology companies often had to hoard patient information.74 In 2020, the U.S. Department of Health and Human Services’s (HHS) Office of the National Coordinator for Health Information Technology released the Information-Blocking Rule, which implements that statutory directive and identifies exceptions from the general prohibition on information blocking.75 After several years of rulemaking and pandemic-related delays, significant portions of the regulations implementing that broad statutory edict are in effect (though enforcement details are still under development).76 The takeaway is that the statute and its implementing regulations require providers and others to share patient information seamlessly with other providers and health-information-technology companies. While enforcement is in its infancy, so far, in the majority of claimed violations of the Information-Blocking Rule, the claimant is a patient and the alleged violation is by a provider.77

If you have recently been to a new doctor and discovered that the office had access to your prior health records from an unaffiliated practice, you are likely experiencing the results of these new developments. The problems that the information-blocking provisions are intended to address are real.78 These problems are likely to continue for some time79—indeed, some scholars have expressed skepticism that the benefits of full interoperability will ever realistically be achieved.80 However, the animating thrust of federal law is now that the easy, fast transfer of medical records is generally mandatory. Accordingly, broader records-sharing is only poised to escalate.81

The Information-Blocking Rule establishes various exceptions, which permit practices that impede the flow of electronic health information in some limited circumstances.82 However, these exceptions provide little solace for those seeking to prevent the disclosure of abortion records. The best prospect for protecting abortion records under the Information-Blocking Rule is probably the general “privacy” exception.83 Under this exception, providers are allowed to enact certain preconditions before sharing information, but only if they are careful in doing so. Specifically, any precondition policy must be well-tailored and implemented consistently.84 Furthermore, if the precondition involves patient consent, the provider must take steps to cure any defects in a patient’s attempt to give consent and must take care not to “improperly encourage or induce the individual to withhold the consent” to share their records.85 Accordingly, while a hospital could craft a consent regime that would enable patients to opt out of information sharing for their abortion records, they face little legal incentive to do so, and the regime would have to be carefully tailored.

Other exceptions to the Information-Blocking Rule are even less helpful. Take, for instance, the “[p]reventing harm” exception, which establishes the parameters for when providers can hold records back in order to avoid harming a patient or third party.86 To be covered by this exception, unless withholding the records relates to erroneous or corrupt data, the risk of harm must be “determined on an individualized basis” by a “licensed health care professional who has a current or prior clinician-patient relationship with the patient.”87 A hospital system that, for example, adopts a categorical practice of declining to share the abortion records of women whose home addresses are in other states would probably not meet these individualized-basis requirements. Moreover, it is unrealistic to expect individual, overburdened doctors to make a particularized assessment for each patient. And even if many abortion providers would make the effort, such an approach leaves considerable room for user error.

More importantly, all of the exceptions to the Information-Blocking Rule are permissive, not mandatory.88 There is no legal pressure on providers to adopt protective practices. Put a different way: a system that shares abortion records with a patient’s new provider even over the patient’s express objection, or even with knowledge that the information might be used to prosecute the patient, would not violate any federal privacy rule. The legal pressure, in truth, pushes in the opposite direction—toward erring on the side of sharing medical records within and among other medical providers.89

Moreover, recent legislative histories give reason to be skeptical that all providers (especially hospitals, as opposed to small abortion clinics) will adopt particularly protective practices against this backdrop. For example, in Connecticut, the state hospital association— wrongly implying that the initial bill would promote unlawful “information blocking”—specifically lobbied for statutory language expressly clarifying that information could still be shared broadly.90 The statute was subsequently amended to include a superfluous caveat that abortion medical records can still be widely shared in the course of ordinary business.91

B. Why Existing Privacy Law Is Cold Comfort

Beyond the Information-Blocking Rule, one might wonder if there are other safeguards that would protect medical records from easily being obtained and used against an abortion patient in litigation. The political discourse surrounding medical records could easily give the impression that those records are quite private—after all, soaring rhetoric about the “sanctity” of such records abounds.92 Unfortunately, the positive law cannot bear the weight of such rhetoric. Based on a review of protections offered by HIPAA and the Fourth Amendment, the answer is a resounding “probably not.”

1. HIPAA

HIPAA will not provide the needed protections against the interoperability trap. HIPAA is famously misunderstood: while often referred to as a burdensome bulwark for patient privacy,93 in reality, it permits medical records to be shared remarkably widely and without patient consent.94 Shortly after Dobbs came down, HHS issued guidance “to help protect patients seeking reproductive health care, as well as their providers.”95 While HHS stresses that “providers are not required to disclose private medical information to third parties,”96 and the new guidance provides aggressive interpretations of some HIPAA provisions,97 the agency’s guidance does not address the problem identified in this Essay because it does not address the flow of medical information between providers and throughout the healthcare system itself.

To understand why HIPAA—even as aggressively interpreted by the HHS of a Democratic administration—does not address the interoperability problems, two sets of provisions within the HIPAA Privacy Rule (the key implementing regulation) must be noted. First, the HIPAA Privacy Rule permits providers to share medical records in most legal or administrative proceedings, including in the investigative phase.98 Generally, covered entities may share information in response to enforceable requests in the course of “any judicial or administrative proceeding”99 or for “a law enforcement purpose” in response to warrants, subpoenas, summonses, or administrative requests.100 While these provisions do not allow providers to voluntarily hand information over to law enforcement absent a formal request,101 there is no special protection for abortion-related information. The rules vary depending on whether the subpoena was issued by a judge (as opposed to an attorney or clerk of court), but the bottom line is that, so long as certain protective measures are in place, HIPAA ordinarily permits records to be handed over.102

Second, the HIPAA Privacy Rule expressly permits patient records to be shared whenever the sharing is for treatment purposes.103 While in many circumstances HIPAA requires sharing only the minimum necessary information,104 there is no such limiting principle when the general purpose is patient care, in which case covered entities can share all of a patient’s personal health information.105 Furthermore, as discussed above, the Information-Blocking Rule effectively mandates sharing records among providers and information-technology systems in most situations.106 This means that if a new provider requests records from a previous provider or seeks them from a centralized information-technology system for retrieving interoperable records, there is no HIPAA-based legal obstacle to sharing the records without further inquiry or steps. On the contrary, there are legal loopholes to jump through if a provider wishes to impose protective policies.107

The current safe-haven legislative efforts to protect medical records chiefly target the disclosure of records in formal proceedings. Under such legislation, covered entities in safe-haven states will be expressly barred from sharing the relevant records in response to most subpoenas and similar formal requests arising from out-of-state litigation.108 Such protections will be categorically insufficient, however, with regard to information shared outside of those circumstances—of which there is a great deal, given the actual details of HIPAA and the new federal anti-information-blocking rules.

2. The Fourth Amendment

The Fourth Amendment’s prohibition on unreasonable searches and seizures will also be of little assistance in protecting medical records from being easily used against an abortion patient in litigation.109 Since the Fourth Amendment applies only to government actors, it has no bearing on discovery efforts in the vigilante-style civil lawsuits contemplated by Texas’s S.B. 8 and similar statutes.110 Nor does it protect against vigilante (or intimidated) providers voluntarily transmitting records to law enforcement.111 If, for instance—referring back to the hypothetical about Jane Doe—a Missouri doctor gave a prosecutor a record of Jane Doe’s abortion in Connecticut, the Fourth Amendment would not prevent those abortion records from being used in court.112

Most importantly, even at its remedial maximum, the Fourth Amendment requires only a warrant based on probable cause in order for law enforcement to obtain records.113 This means that even assuming that the Fourth Amendment protects medical records at all—an assumption of arguable merit under existing doctrine114—law enforcement could still obtain those records with relative ease, as the probable-cause standard is not particularly burdensome.115 If, for instance, Jane Doe’s ex-boyfriend or friend informed law enforcement that she had expressed ambivalence about a pregnancy and then experienced a miscarriage, that may well suffice as probable cause, especially if law enforcement conducted an initial investigation in response.116 As others have explained in greater depth, law enforcement might even be able to obtain a warrant based on data they purchased from data brokers identifying in-state residents who had been in close geographical proximity to an out-of-state abortion clinic or who had searched for keywords related to abortion access.117 Once a judge issues a warrant, a medical record could be powerful evidence.

III. solutions

To prevent records regarding in-state abortions from being used in litigation against patients or those who help them, states must account for medical record interoperability and a federal regime intended to promote records sharing (and limit records withholding) among providers. To do otherwise could—by inadvertently luring out-of-state patients under a false sense of security—be worse than doing nothing. Fortunately, a range of state and federal actors could intervene to shield medical information. And even absent legal intervention, private providers and other stakeholders could take steps to better protect records. Given the dynamic nature of the problem and the potential medical stakes, deciding which approaches to undertake will require careful contextual weighing of competing policy goals. The goal of this short Essay is thus to canvas promising potential approaches, rather than to provide a comprehensive prescriptive road map. What is clear is that, if the ultimate goal is to meaningfully protect abortion seekers and providers, the status quo is not sufficient—action, of some sort, is a must.

A. State Responses

States seeking to be safe havens for abortions and protect medical records must take steps not only to prevent those records from being handed over directly to out-of-state abortion litigants, but also from being carelessly passed over to actors in states where records would more easily be requisitioned. HIPAA, happily, would not pose a barrier to state legislation along these lines; it generally functions as a floor for privacy rights but expressly clarifies that states may enact privacy rules that are more protective of individually identifiable medical information.118 The federal Information-Blocking Rule likewise applies only in the absence of more protective state laws. States, in short, have room to act.

The most effective legislative approach for states may be to prohibit electronic-health-record vendors and health-information exchanges from facilitating the transfer of abortion-related data across state lines. Aiming legislation at this narrow group, rather than at most or all covered entities, might have a few advantages. For one, it could make it easier to discern who is responsible for a breach of the policy (rather than risk a situation where different actors—say, abortion providers and health-information exchanges—can simply point fingers at each other when abortion-related data is improperly transferred across state lines). Moreover, it would include well-resourced and sophisticated actors (like Epic Systems) that functionally exercise a huge influence over the overall electronic-health-record ecosystem.119 Finally, states could keep the legislation focused on the “what”—don’t let abortion-related records cross state lines—rather than the details of “how” to adjust electronic-health-record systems to enable that restriction. This shift in focus would put the onus for figuring out implementation details on those who are relatively better-positioned to weigh the feasibility and tradeoffs of various approaches.

States could also impose prohibitions or requirements on providers, insurers, and other covered entities. A potential drawback of this approach is that imposing requirements on a wide array of actors might lead to buck-passing and finger-pointing in case of mistakes, reducing the clarity and power of incentives imposed on one set of entities (e.g., vendors). But, it may be that requirements on providers or others could be structured to minimize that risk. For instance, a statute could prohibit covered entities from disclosing any information pertaining to an abortion to any health-information network or exchange, clearly laying the obligation on whoever uploads the information. A more flexible approach, and one that would potentially be less onerous on providers, would be to give providers a choice: either use an electronic-health-record system that will not transfer abortion records out-of-state except in specified circumstances, or use paper records for abortion-related procedures. Providing this sort of systems-level choice would provide better incentives for technology companies to create such electronic-health-record systems in order to stay competitive, as well as reduce the burden on providers to avoid one-off mistakes. Given the enormous burdens already on abortion providers, it is important to avoid adding any significant hassle costs for providers if other approaches could be similarly effective.

Another state-level approach that would strike a less protective balance between litigation protection and patient-care concerns would be to simply impose significant barriers to accessing abortion-related records. States could require, for instance, that providers, insurers, and other actors only share abortion-related records after obtaining specific consent from a given patient. They could likewise require that before obtaining that consent, providers give abortion patients a detailed explanation regarding how certain records could be used against them if obtained in out-of-state litigation, which would at least enable those who have obtained abortion services to exercise additional caution in seeking out-of-state care. Additionally, states could require that both health-information-technology companies and providers ensure that information related to abortion be segmented from other pieces of an electronic medical record and shared only upon request by a patient or a provider who expressly verifies that the records are necessary for an identified treatment purpose. States could extend similar approaches to gender-affirming care records.

Under any approach, the precise level at which “abortion-related information” should be defined for withholding or segmentation from other medical information is a tough call, given potential tradeoffs. The simplest approach, for instance, would be requiring differential treatment for all reproductive records. The problem, however, is that this segment of records could be materially relevant to a wide array of other medical issues beyond abortion, from skincare treatments to cardiac care, and other providers may reasonably request them as a matter of course so frequently that the protection becomes vanishingly small in practice. Accordingly, it might be preferable to segment for preferential treatment only records pertaining to a pregnancy loss—or, even more specifically, to the reasons and causes for a pregnancy loss (i.e., induced abortion versus spontaneous miscarriage). On the other hand, even the simple fact that a patient has been treated by a certain provider or at a certain address might be enough to plainly indicate that she received an abortion (e.g., if nonsegmented records indicate treatment at a clinic devoted exclusively to providing abortion services)—meaning in some instances, even a list of providers or clinic addresses would need to be segmented for this approach to be effective. Line-drawing problems aside, under a segmenting approach, legislators could draft a law allowing certain providers—for example, an obstetrician assessing the likely trajectory of a patient’s labor or evaluating the patient’s causes of infertility—to retrieve more specific data upon the patient’s consent and/or an adequate verification of urgent medical need, while the data would remain unavailable to doctors who need only know that a patient had a prior pregnancy. Ultimately, striking the right balance would require careful legislative consideration of competing concerns.

State-level legislation has several advantages. Most importantly, it is politically feasible in some states, as demonstrated by the safe-harbor laws already in effect. Furthermore, it can have ripple effects outside of the enacting state. In practice, the impact of state privacy legislation would not necessarily be limited to that state’s borders. Information-technology companies and other actors who operate across state lines may respond by adopting practices that comply with the most protective state laws, and successful protective regulation in one state may well catalyze similar efforts in other states.120 Admittedly, this effect will likely be reduced as enforcement of the information-blocking regime ramps up, since companies will be allowed to enact protective practices only as required by law or consistent with other exceptions to the prohibition on information blocking. Nevertheless, there should still be some practical cross-border effect to state legislation imposing high barriers to accessing abortion-related records; the legislation would create immediate incentives for vendors of electronic-health-record systems and other information-technology companies to modify their interfaces to allow for tagging and segmenting these records by category or to create the appropriate pop-ups requiring doctors to verify that abortion-related records are necessary. Such technological changes could then enable doctors nationwide to take protective steps to segment sensitive information even beyond whatever is required in the jurisdiction where they practice—although to do so lawfully, they will still need to comply with the Information-Blocking Rule.

Limiting the flow of medical information necessarily requires making some difficult tradeoffs and careful legislative balancing; state legislators would have to assess these solutions’ effects. Any approach that meaningfully restricts electronic access to abortion records could have deleterious effects on patient care in some circumstances. For instance, it is not unusual for women to show up at a hospital besides their own providers’ if labor and related complications occur unexpectedly—and under those circumstances, medical records that include information about a past abortion may provide relevant information concerning how to proceed with the patient’s medical care. That said, it may be that the fact of an abortion itself (as opposed to the fact of a prior pregnancy that ended) is ordinarily of little clinical relevance121—while the risk of prosecution looms large. While patient care concerns must be weighed, they do not obviate the need for action.

B. Federal Responses

Federal legislation analogous to these state approaches (for instance, requiring the segmentation of pregnancy or abortion records), would be especially powerful. As a practical matter, however, given the composition and dynamics of the current Congress, such legislation seems unlikely; the most serious opportunities to protect abortion rights through creative legislation right now lie in states. That said, there are a number of actions that the federal government could potentially take to bolster the effectiveness of state safe-haven efforts.

HHS should consider amending the HIPAA Privacy Rule or, at least, the Information-Blocking Rule, to enhance protections for abortion records.122 The most patient-protective response would be to amend HIPAA’s Privacy Rule. For instance, HHS could amend the Privacy Rule to require obtaining specific consent before sharing records pertaining to abortion-related care, as the regulations currently require for psychotherapy notes.123 This would mandate more privacy and patient input for sensitive care that, if disclosed, could lead to prosecution. A less aggressive, but still helpful, approach would be to amend the Information-Blocking Rule to expressly protect hospital policies that are tailored to protect information related to abortion procedures. An amendment like this to the Information-Blocking Rule would not lead to any penalties for providers that did share such information. But it would at least offer a well-lit path for providers who wish to enact protective policies to keep a tight lid on highly sensitive, politically contested medical information. It would also undermine any specious argument that federal law prevents providers from doing so. Amending the HIPAA Privacy Rule or the Information-Blocking Rule would not be entirely simple, though. Such amendments would likely require notice-and-comment rulemaking, which can be burdensome, but would also help the agency fully understand the costs and benefits of various approaches. They would also invite challenges about the scope of HHS’s authority, especially given the litigiousness that just about any issue involving abortion seems to invite.

Notwithstanding barriers to their implementation, federal approaches would have the advantage of applying to all medical records, even in states that are not angling to be abortion safe havens. That said, neither amending the HIPAA Privacy Rule nor amending the Information-Blocking Rule would prevent providers or covered entities from disclosing information to law enforcement officials or in other formal proceedings (beyond those restrictions currently in place). Rather, these approaches would reduce the likelihood of information about politicized forms of medical care percolating freely within the medical information ecosystem, between providers, and across state lines. In a world of motivated abortion-bounty hunters, reducing the number of hands that can touch sensitive records is a goal worth pursuing. Federal changes would accordingly bolster the effectiveness of state safe-haven attempts to prevent abortion-related records from finding their way into prosecutions or other litigation.

C. Private Responses

Even absent HHS rulemaking or state legislation, providers interested in protecting themselves and their patients should implement policies consistent with the Information-Blocking Rule’s privacy exception. Notably, such efforts would not be necessary if a state imposed more privacy protective laws because the information-blocking regulations contain an exemption for protective state laws.124 However, because states may or may not act quickly enough, providers themselves should act. For the time being, there is no actual enforcement of information-blocking provisions against providers125—but it would nevertheless be a mistake for providers to overlook the practical impact that the information-blocking regime has on the technological ecosystem they are operating in. Patient data now travels farther than many clinicians may realize.

To deal with this ecosystem, providers could potentially adopt a policy requiring that medical information pertaining to an abortion, miscarriage, or stillbirth126 be released only after the patient has provided specific written consent and has been told verbally about the risk that, if shared, the records may end up in the hands of providers in states where abortion is illegal. To be sure not to run afoul of the Information-Blocking Rule, providers’ compliance teams would need to ensure that any consent requirement is not too onerous, that they attempt to follow up when patients try to later consent to sharing the information, and that the consent requirement is consistently implemented in practice.127 Motivated and resourced providers may well be able to meet these requirements, but it is far from clear that voluntarily protecting patients from litigation threats will be a priority for hospital systems dealing with many demands. Smaller abortion clinics, conversely, may be highly motivated to protect patient privacy but may lack the resources to keep abreast of exactly how their patients’ data is moving through the newly emerging technological ecosystem.

Other, less formal, approaches by private actors could also be helpful. Providers could make it more difficult to use medical records against patients by being mindful of the information included in a record—for instance, using a single code within a medical record for all pregnancy losses rather than distinguishing between “elective” or “induced” or “spontaneous” abortions, or being mindful not to enter extraneous data regarding the reasons for a patient’s loss unless plainly medically relevant. By making information in medical records more general, providers could make it more difficult to review a record and use it in abortion-related prosecution. Along similar lines, even if not required by law, electronic-health-record vendors and other health-information-technology companies should make it possible to meaningfully segment especially sensitive information pertaining to abortion so that providers can, as a practical matter, take that step.

On the more extreme end of self-help measures, to fully protect their patients, providers should be sure that they understand exactly how far the information in their electronic records systems can travel—and if the answer is “too far,” they should consider whether electronic records are necessary to their practice at all, at least with respect to patients traveling from out of state. The Information-Blocking Rule does not apply to paper records. For providers with many out-of-state patients, and in settings where the mere fact that a patient was treated at a particular clinic or by a particular provider would be enough to plainly indicate that the patient had sought an abortion, the benefits of electronic health records may not outweigh their costs.

These proposed state, federal, and private approaches all come with tradeoffs. The Information-Blocking Rule was implemented in the first place due to the beliefs that strong regulations were needed to make it easier for patients to obtain care across providers without enormous hassle and that anything that further fragments and complicates the medical-information ecosystem hinders patient care in other contexts—including and perhaps especially in obstetric care, where the details of prior pregnancies’ trajectories may be especially important. This burden of the additional complexity would then be disproportionately borne by those who have received abortions, who are themselves disproportionately likely to come from communities who are marginalized across other dimensions.128 In an era in which medical procedures are legal in one state but actively and aggressively persecuted in others, however, such hassle may be an inevitable cost that we must be willing to pay to preserve both patient autonomy and meaningful access to targeted forms of medical care.

Conclusion

Much about the post-Roe world remains uncertain. A decade from now, the legal landscape might be straightforward. Perhaps the courts or Congress will establish clear limitations on states’ abilities to interfere with interstate travel to receive or perform abortions, or various states will simply stick to forbidding in-state doctors from performing abortions in different circumstances, and those who can afford and manage the logistics will be able to travel freely and legally out of state with little interference. But it may also be that in at least some states or localities, those who receive an abortion anywhere will remain under threat of persecution, whether by bounty-hunting neighbors or by law enforcement. In the meantime, zealous legislators, municipalities, prosecutors, and activists will continue to use creative tools to punish and prevent abortions, including, in all likelihood, those that cross state lines. Against that backdrop, both patients and providers should better understand the stakes of what gets entered into and who can access their medical records.

In the long run, the right balance between privacy protections and the free flow of medical information will depend on the landscape of abortion rights—for example, if those who seek legal abortions in one state may be prosecuted for murder in another, safe-haven states will need to take a much more extreme approach than they would in a world where there is no such risk. In these uncertain times, though, we cannot ignore the baseline problem. At minimum, those who seek to protect abortions should minimize the easy availability of related medical records. The inescapable fact remains: (1) when medical care is politicized and persecuted in some parts of the country; (2) records related to that care need extra protection; (3) if access is to be preserved elsewhere. Right now, those who favor abortion rights have insufficiently appreciated what meaningfully protecting records looks like and thus cannot ensure access to abortion care.

Allowing abortion-related records to flow freely through an interconnected technological ecosystem risks harassment, litigation, and devastation for patients and providers. If states wish to protect patients’ in-state records from being used against those patients, they must account for the widespread sharing of medical information across the country. Others—such as providers or HHS—who wish to protect those who receive or provide politicized care should also act to mitigate the risks. And at an absolute minimum, patients receiving reproductive healthcare must be made aware of the risks posed by the emerging ecosystem of interoperable records. To permit people to receive care under the illusion that their records cannot come back to harm them would be a grave injustice.

Associate Professor, The University of Connecticut School of Law. Thanks are due to Bethany Berger, Erin Bernstein, Kiel Brennan-Marquez, John Cogan, David Cohen, Glenn Cohen, Mathilde Cohen, Greer Donley, Craig Konnoth, Matthew Lawrence, Brendan Maher, Natalie Ram, Emma Sokoloff-Rubin, Kelly Pfeifer, and Melissa Wong, as well as numerous others who shared their on-the-ground perspectives with me. Exceptional research assistance was provided by Riley Breakell, Megan Medlicott, and Cara Moody.