privacy curtain around hospital bed.

Lessons in Health Data Privacy from the Partial-Birth Abortion Ban Act

By Katie Gu

The past may hold important lessons for our uncertain future of health privacy for patients, physicians, and hospitals in the face of abortion subpoenas post-Dobbs

In returning the legality of abortion back to states, the Supreme Court’s decision has paved the path towards greater surveillance of sensitive health data contained in patient medical records. This stark increase in privacy risks for individuals seeking reproductive care resembles the shifts in patient privacy protections nearly twenty years ago following the Partial-Birth Abortion Ban Act (PBAB). 

Enacted in November 2003, PBAB banned all intact dilation and extractions (D&X), a late-stage abortion procedure, without medical exceptions to protect the pregnant individual’s health. Within days of PBAB’s passage, several physicians brought suit in National Abortion Federation v. Ashcroft to enjoin the law’s enforcement. In response, then-U.S. Attorney General John Ashcroft issued subpoenas requesting medical records of every patient who obtained abortion services under physicians involved in the litigation within the last two years. 38 members of Congress accused Ashcroft of pursuing a “fishing expedition” into areas of physician-patient privilege. Calling for the withdrawal of the subpoenas, the letter accused the Justice Department of “unwarranted abuse of federal power” and “abusive intrusion into women’s privacy.” The Department maintained that the patient records were central to physicians’ claims of the medical necessity of D&X. 

Hospitals filed motions to quash Ashcroft’s subpoenas to varying degrees of success. 

In Chicago, Northwestern Memorial Hospital’s motion was granted by U.S. District Judge Charles Kocoras, who determined that Illinois’ medical privacy law protects patient records “without the fear of public disclosure.” Kocoras ruled that the need to safeguard patient privacy (especially given vulnerabilities of prior medical history) outweighed the “little, if any, probative value” of the data to the government. In San Francisco, U.S. District Judge Phyllis Hamilton also denied Ashcroft’s request for over 2,700 medical records of patients seeking abortion services in the city’s healthcare facilities. Hamilton emphasized that patient records include “potentially identifying information of an extremely personal and intimate nature,” such as contraceptive methods, reports of sexual abuse, and histories of prior abortions. San Francisco City Attorney Dennis Herrera supported the decision, accusing Ashcroft of leveling an “intimidation tactic [intended] to instill a climate of fear in our hospitals and clinics.”  

On the other side, U.S. District Judge Richard Casey of the Southern District of New York required New York-Presbyterian to comply with the subpoenas. Refusing to “let doctors hide behind the shield of the hospital,” Casey filed a contempt order against New York-Presbyterian and even threatened to lift a temporary injunction on PBAB absent compliance. 

The Justice Department ultimately abandoned its efforts to obtain patient records, withdrawing its subpoena against New York-Presbyterian and choosing not to appeal Kocoras’ and Hamilton’s decisions. Three years later, the Supreme Court upheld the constitutionality of PBAB in Gonzales v. Planned Parenthood Federation of America, putting an end to the National Abortion Federation v. Ashcroft chapter.

In 2022, debates surrounding the enforceability of abortion subpoenas against physicians and hospitals for medical record data have reemerged. Familiar tactics and arguments will be levied in forthcoming battles for medical record data access. While old concerns remain (e.g., “the chilling effect not only on the privacy of patients’ medical [records, but also] on the integrity of the doctor-patient relationship itself”), physicians and hospitals today must address newer barriers to patient privacy.

The Information Blocking Final Rule imposes one such barrier. 

Implemented by the U.S. Department of Health and Human Services in 2020 as part of the 21st Century Cures Act, the Information Blocking Rule facilitates data flow and accessibility of electronic health information between not only patients and providers, but also providers based in different hospitals. Physicians now have much broader access to the entirety of a patient’s medical record. While this leads to improvements in efficiency and interoperability of data exchange, the Rule may facilitate greater law enforcement access, which might denigrate the trust and integrity of the physician-patient relationship post-Dobbs

The 2003-2004 National Abortion Federation v. Ashcroft debates began addressing the question of whether the government should subpoena vast amounts of medical record data for the purposes of enforcing abortion bans. Dobbs has begun writing the next chapter within this ongoing debate.

Katie Gu

Katie Gu is a second-year student at Harvard Law (JD 2024). Her current research examines the interplay between data privacy and reproductive healthcare access. She has previously published articles on synthetic biology regulation and governance, end stage renal disease payment reform, and comparative analyses of learning disorder policy. Currently, she co-leads the Harvard Health Law Society and serves on the editorial board of the Harvard Journal of Law and Technology.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.