Crisis Pregnancy Centers & Your Privacy: Why HIPAA Claims Are a Red Flag & What’s Changing
For years, teh Electronic Frontier Foundation (EFF) has been investigating a concerning trend: Crisis Pregnancy Centers (CPCs) falsely implying they are bound by the Health Insurance Portability and Accountability Act (HIPAA). This misrepresentation can have serious implications for your privacy, especially when you’re facing sensitive and deeply personal decisions about your health. Here’s what you need to know, what we’ve uncovered, and what’s happening now.
What are Crisis Pregnancy Centers?
CPCs often market themselves as extensive reproductive health clinics. However, many are not licensed medical facilities and don’t have qualified medical professionals on staff. Their primary goal is often to dissuade individuals from choosing abortion.
why the HIPAA Claims Matter
HIPAA is a federal law that protects sensitive patient health information.It sets strict standards for how healthcare providers can collect, use, and share your data. The problem? Most CPCs aren’t legally obligated to follow HIPAA.
Claiming HIPAA compliance when it’s untrue is deeply deceptive. It leads you to believe your personal information is protected when it likely isn’t. This is especially troubling given the incredibly sensitive nature of the information these centers collect.Our investigation & Early wins
We,at the EFF,recently sent letters to attorneys General in Oklahoma (OK),Nebraska (NE),and North Carolina (NC) urging them to investigate these misleading practices. We provided exhibits detailing specific instances of false or misleading HIPAA claims on CPC websites.
The results are encouraging. Our initial follow-up investigation reveals:
Six CPCs have completely removed HIPAA references from their websites.
One CPC has made partial changes, removing at least one misleading claim.
Every center flagged in letters to Texas and Arkansas has updated their website.
This demonstrates a clear responsiveness to scrutiny and a recognition that their claims are under investigation. While 14 centers remain unchanged, this is a significant step forward. You can see examples of the changes and the original claims through resources like the Internet Archive.
What’s Still Happening & Why It’s Concerning
Removing a HIPAA claim from a website is a start, but it doesn’t solve the underlying privacy issues. Here’s what you need to be aware of:
CPCs still collect sensitive data: This includes information about your medical history, pregnancy status, and personal beliefs.
Lack of transparency: Most CPCs don’t clearly explain how your data is stored, used, or shared.
No guaranteed protection: Without HIPAA compliance, your information is vulnerable to misuse.
* Data sharing concerns: Reports indicate that data collected by CPCs has been shared with affiliated networks and even exposed online.
We’ve seen instances where CPCs have even incorrectly directed individuals to the Department of Health and Human Services for redress, falsely implying federal oversight. This is a deliberate attempt to create a false sense of security. You can find more information on this issue from NBC News and The Record.
What You Can Do to Protect Yourself
If you’re considering visiting a CPC, take these steps:
- Verify credentials: Confirm if the center is a licensed medical facility with qualified healthcare professionals.
- Ask about privacy practices: Specifically inquire about how your data will be collected, used, and shared. Get it in writing
