At a time when abortion access can vary widely across the U.S., many reproductive health advocates are concerned about the impact of data sharing systems that automatically transmit patients’ electronic health records across institutions and state lines. The Biden administration is looking to introduce new regulations to bolster patients’ privacy — but the proposed rules are getting pushback from companies like UnitedHealth Group and Epic, which argue that they would make data sharing harder overall, contrary to the overarching goals of the health care system.
In April 2023, the Office of the National Coordinator for Health Information Technology (ONC) proposed regulations that aim to bolster patient confidentiality by forcing software makers to ensure that health care providers can easily segment and protect specific information from disclosure when requested by patients.
According to the proposal, health records systems will be required to comply with a new privacy and security framework by January 2026.
Appeals from groups like the American College of Obstetricians and Gynecologists, the National Health Law Program, and the Center for Reproductive Rights, submitted as part of ONC’s public consultations on its proposal, have called on the agency to go even further to protect patients and providers exposed to the risks of confidentiality breaches because of automated electronic health records (EHRs) and health information exchanges (HIEs).
“What I and other privacy advocates would love to see would be a requirement that EHRs and HIEs be set up so that reproductive health data can be easily and completely segregated and removed from the record before they are shared with any other facility,” said family doctor Panna Lossy, who facilitates PRIVATE Medical Records, a national working group of around 60 health and legal professionals concerned with reproductive health data privacy. “This removal should be permanent and complete unless the patient specifically signs something asking for that specific data to be shared.”
But companies like Epic, maker of the world’s most widely used EHR system, have raised practical concerns about the proposal, warning the ONC that, among other issues, it would “add massive new documentation responsibilities for clinicians. From a technical perspective, it is unworkable.”
Family doctor Michele Gomez, who is part of Panna’s working group, suggests that the software industry’s focus up till now on what she calls “automatic interoperability” may have become a victim of its own success.
“EHRs have been working so hard to share data automatically,” she said, “that we’re now behind in thinking about how to not share when that data can be used to criminalize a patient.”
The downsides of automatic data sharing
About a year ago, Gomez saw an out-of-state patient seeking an abortion via telehealth at her home office in Albany, California. All went according to plan — until the patient’s health records were relayed via Epic back to readers in an emergency room in her home state, where abortion is illegal. (The incident was also reported by Wired in June.)
This was a prime example, Gomez realized, of the kinds of outcomes that have abortion providers worried about the safety and privacy of themselves and the people they treat.
Since some states have made it a felony for doctors and other health care workers to assist in providing abortions in the aftermath of the Supreme Court’s decision to overturn Roe v. Wade in 2022, “the penalty for health care providers in such situations could be a heavy fine and imprisonment,” Gomez said.
Lossy, based in Sonoma County, California, shares Gomez’s worries.
“We’ve already seen cases where records automatically crossing state lines via health information exchanges have had real and harmful consequences,” said Lossy, who is also a clinical professor at the University of California, San Francisco.
“We know of one woman who was reported to child protective services after having a legal abortion in another state. We’ve heard of many other patients who have had their abortions disclosed to small-town primary care providers who they feared would now treat them differently and might not protect their confidentiality.”
Increasingly, Lossy said, privacy breaches are occurring even when health care providers are not inputting specific patient data into their records. “Exactly how that happens I don’t know, but it is really problematic,” she said. “We’re hearing stories that are super scary.”
A member of Lossy’s group who works with a major provider of reproductive health services in southern California described one such example to STAT. A patient (who declined to be named for privacy reasons) seeking an abortion wanted to avoid using their insurance in order to protect their privacy from their parents. Yet the e-prescribing software used in connection with the abortion automatically connected the patient’s demographics to their insurance plan, thereby exposing the patient’s procedure to their family.
The debate over sharing reproductive health data
The best way to address the issue, according to Lossy, is to introduce more stringent requirements around data sharing.
The way things are now, Lossy explained, a patient can ask for the sharing of records to be turned off at one institution — say, at Planned Parenthood. But if the patient then goes to a different institution that uses the same EMR, they are often presented with generic consent material that allows for all records to be shared — “including the records from Planned Parenthood which were turned off.”
In addition, information about things like medications, consent forms, labs, or ultrasound reports are often shared even when patients have asked to have their records blocked, Lossy added. “It has to do with if things are ‘patient level data’ or ‘encounter level data,’” she explained, with reference to the categorizations given to patient data within EHR systems.
Encounter level data include findings on demographics, diagnoses, services received, inpatient length of stay, and discharge description. Patient level data include the number of encounters per patient, percentage of patients who died, and underlying cause of death.
“My understanding is that some electronic medical records have ways to block encounter level data but that patient level data is very, very difficult to block without turning off all sharing of information,” Lossy said via email. “This can be very problematic for practices which offer both abortion care and primary care.” The ideal, she added, “would be to make it easy for patients or providers to stop the sharing of just reproductive health information but continue to share other information.”
Last June, writing on behalf of 86 individual physicians and other health care providers and 13 health care organizations, Lossy called on ONC to require electronic health records vendors to make the default in their software products that no sensitive health information can cross state lines or be shared with entities that are not covered by the federal Health Insurance Portability and Accountability Act.
The New York- based Center for Reproductive Rights (CRR), meanwhile, warned ONC last June that the free flow of reproductive health data through an interconnected technological ecosystem poses major risks to patients, writing: “Already, we have heard stories from patients whose medical records automatically populated at a health care provider’s facility in a hostile state and who subsequently faced harassment and intimidation from that provider based on abortion care the patient received previously in another state.”
The CRR asked that the ONC push up the date at which health systems will be required to comply with the new framework to January 2024, and to provide incentives for health IT developers to more quickly make those changes.
The ONC is currently evaluating the petitions. But meanwhile, numerous health information software companies and users are pushing against the proposed new requirements, including the Federation of American Hospitals, which represents more than 1,000 public and privately held hospitals and health systems. The organization argued in its submission to ONC that “the health IT industry has not yet developed solutions that will clearly accomplish data segmentation with an acceptable level of burden.”
UnitedHealth Group also weighed in, warning that restricting an entire category from data sharing, as opposed to excluding specific treatments or medications, “will have unintended consequences of harming patient safety since this will inevitably limit the access of treating health care providers to the entire relevant set of information necessary to provide appropriate care.”
While it’s certainly true that data sharing will continue to be important in the future of health care, physician Simone Arvisais-Anhalt, Director of Laboratory Medicine Informatics at UCSF, said the software industry needs to understand that “data are in fact patients, many of whom are vulnerable.”
Lossy is hopeful ONC will soon act on these concerns.
“ONC should make it clear that in this age of some health care being criminalized in some states,” Lossy said, “sharing across state lines is dangerous to patients.”
This story is part of ongoing coverage of reproductive health care supported by a grant from the Commonwealth Fund.