Dive Brief:

• The House Oversight Committee has launched an investigation into how companies are handling sensitive health data in the wake of the Supreme Court’s decision to overturn Roe v. Wade.
• The committee sent letters to five data broker companies and five personal health apps asking for information regarding how they store and manage user data, along with whether they sell or share it with third parties.
• Democrats in Congress have been increasingly urging federal agencies to increase data privacy protection for patients seeking abortions. Now, they’re stepping more directly into oversight themselves.

Dive Insight:

A wave of red states have severely limited access or criminalized abortion following the Supreme Court’s ruling late last month. Currently, 11 states have banned abortion entirely or have severely restricted the procedure, according to the Guttmacher Institute.

Roughly half of all U.S. states are expected to eventually enact bans or other restrictions to the procedure, resulting in millions of people losing access to abortion services.

Some state legislatures have suggested going after patients who seek abortion in other states or providers who perform them, giving rise to fears that personal and medical data could be used to identify those people. That potentiality is being taken seriously by abortion advocates and lawmakers, especially given that digital records like text messages, browser histories and emails have been used to prosecute pregnancy-related criminal charges in the past.

Reproductive health apps have faced significant data privacy concerns even before Roe’s fall. One recent study found that 87% of the 23 most-popular women’s health apps shared user data with third parties, despite only 52% requiring consent.

Data brokers have also been caught selling user data. For example, location data firm SafeGraph sold a week’s worth of private location data on people who visited abortion clinics in May for $160.

“The collection of sensitive data could pose serious threats to those seeking reproductive care as well as to providers of such care, not only by facilitating intrusive government surveillance, but also by putting people at risk of harassment, intimidation, and even violence,” Oversight and Reform Chairwomen Reps. Carolyn Maloney, D-N.Y., Raja Krishnamoorthi, D-Ill., and Sarah Jacobs, D-Calif., wrote in the letters.

The letters requesting information and documents regarding data privacy, collection, distribution, use and sale were sent to SafeGraph, Digital Envoy, Placer.ai, Gravy Analytics, Babel Street, Flo Health, Glow, BioWink, GP International and Digitalchemy Ventures. The companies have until July 21 to comply.

Earlier this month, Democrat senators asked the Biden administration to update the HIPAA privacy law to prevent health data from being shared with any law enforcement agencies targeting people who have an abortion. In addition, 72 members of Congress urged the Federal Trade Commission to use its full power to safeguard patients against data brokers collecting and selling data that could be used to prosecute abortion-related crimes.

President Joe Biden on Friday signed an executive order aimed at protecting abortion access nationwide. The order calls on the FTC and the HHS to consider issuing new HIPAA guidance.