Knowledge Center
Episode 178: Pitfalls But Promise. The State of Healthcare Cybersecurity with Scott Mattila, COO & Chief Security Officer, Intraprise Health
June 29, 2022
Written by Samantha Holvey, MHL, Director, Workgroups & Communication
Updated 7/8/22
Back in 2009 when I was thinking about going to grad school but wasn’t quite sure what I wanted to study, I read “Half the Sky: Turning Oppression into Opportunity for Women Worldwide” and my world was changed. Deeply moved by the lives of a Cambodian teenager sold into sex slavery and an Ethiopian woman who suffered devastating injuries in childbirth, I was on a mission to help transform the lives of women in developing nations.
Fast forward to this past Friday, and my world was changed again. Bodily autonomy, the foundation upon which other human rights are built, has been taken from women by the U.S. Supreme Court. The fetal heartbeat law has already gone into effect in South Carolina where I live. I no longer have to travel to developing nations to help women that are being denied healthcare because we are being denied lifesaving medical treatment in more than half of the United States.
Even before Roe was overturned the maternal mortality rate in our country was higher than any other developed nation. Those who live in rural areas, women of color, and low-income populations will absolutely be the most impacted by these new laws on reproductive health. A study estimating the effects of an abortion ban on maternal death by the University of Colorado, Boulder, found that among Black women, maternal deaths could increase by one-third. Black women are already three times more likely to die of pregnancy-related causes than white women. The Department of Health and Human Services (HHS) has made health equity a priority through the Equity Action Plan, and these laws on women’s health have no place in an equitable health system.
So, armed with a master’s degree in Healthcare Leadership and 10 years of health IT experience working at WEDI, I’ve summarized important information for women to consider regarding their healthcare.
HIPAA doesn’t protect reproductive records from prosecutors. If there is a warrant, court order, or subpoena for the release of those medical records, then a clinic is required to hand them over. Patients and providers may be made legally vulnerable by health-related data we generate through devices every day. (Boodman, Bannow, Herman and Ross, 6/24). HHS guidance on the HIPAA Privacy Rule and Disclosures of Information Relating to Reproductive Health Care may be found here. HHS has also created a Reproductive Rights site to provide accurate and up-to-date information about access to and coverage of reproductive health care and resources. If you believe that a HIPAA-covered entity or its business associate violated your (or someone else’s) health information privacy rights or committed another violation of the Privacy, Security, or Breach Notification Rules, you may file a complaint here.
Data from apps — whether subpoenaed or sold to a third party — could be used to suggest that someone has had or is considering an abortion. Flo, which bills itself as the most popular period and cycle tracking app, has amassed 43 million active users. Another app, Clue, claims 12 million monthly active users. Other health apps like Apple Health and wearable devices like the Oura ring also capture sensitive data like symptoms and body temperature, which could be used as evidence against a person. Not to mention every app that collects location information now becomes risky. Regarding cycle tracking apps, if police are interested in data stored on your device, they would need a warrant, but if the data is in the cloud and owned by a company, a subpoena (easier to get than a warrant) would be necessary to access the data. HHS guidance on protecting the privacy and security of your health information when using your personal cell phone or tablet may be found here.
Telehealth appointments for FDA approved medication abortion. Mifepristone used in combination with misoprostol – commonly prescribed for stomach ulcers – has been approved by the Food and Drug Administration since 2000 to induce an abortion so long as a woman is within 10 weeks of pregnancy. Some states have already banned the use of telehealth appointments and these pills, but organizations like Just the Pill have created mobile clinics and financial assistance so patients can travel to states where these services are available. For providers in states where it is legal, here is an electronic health record template for medication abortion office visits. This template can be adapted for many EHR systems.
Some states have passed laws or are contemplating taking action to prevent disclosure of PHI related to reproductive health services. On May 5th Connecticut signed the Reproductive Freedom Defense Act into law. Due to the act, covered entities in Connecticut would not be permitted, absent patient authorization (or other authorized representative consent), to disclose the patient’s reproductive health medical records even if the prosecutor or law enforcement agent had a valid subpoena to obtain such information. Also due to the Act, a Connecticut covered entity should never receive a subpoena for reproductive health information from an out-of-state court without adequate authorization from the patient or an authorized representative. Additionally, the Act would likely not be preempted by federal law because it is more stringent than HIPAA. However, it should be noted that the Act does not explicitly prohibit HIPAA business associates from disclosing reproductive health information.
Update: On July 5th the Rhode Island Governor signed an executive order that safeguards patients traveling to Rhode Island to receive reproductive health services from prosecution. It also shields reproductive health care providers who perform abortions on out-of-state patients from legal liability.
The Affordable Care Act mandates that recommended preventive services, including contraception, be covered with no cost sharing. Secretaries Walsh and Becerra joined Treasury Secretary Janet L. Yellen in issuing a letter to group health plans and health insurance issuers reminding them of their obligations under the ACA to provide coverage for contraceptive services at no cost. Their letter discusses the general contraceptive coverage requirements and reported instances of potential non-compliance, and warns that enforcement actions may be taken if non-compliance continues.
Resources for Providers. Women are not the only folks that may suffer life changing consequences due to the Dobbs ruling. Physicians, nurses, hospitals, administrators, and others will be navigating a labyrinth of legal requirements instead of focusing on what is best for their patients. Two dozen medical groups, including the American Medical Association and the American College of Obstetricians and Gynecologists, laid out the ethical dilemma faced by physicians in an amicus brief to the Supreme Court: "The ban forces clinicians to make an impossible choice between upholding their ethical obligations and following the law," the brief reads. RAD is an organization that provides grants, loans, and free technical assistance to both taxable or tax-exempt independent providers. They also offer free legal compliance assistance, and a variety of tools and resources for providers.
“Half the Sky” authors and Pulitzer Prize winners Nicholas D. Kristof and Sheryl WuDunn help us see that the key to economic progress lies in unleashing women’s potential. I have been deeply moved by the women and men that have shared their experiences on the front lines of medical care and as patients with reproductive health testimonies. As we are all uniquely affected, we are all uniquely abled to fight against injustice. Let us especially remember to help women of color, and low-income populations as the abortion bans will be the most devastating for them.
This list is by no means exhaustive and if you would like to add more information, please contact sholvey@wedi.org.