October 29, 2015 — Two North Carolina lawmakers have voiced concerns about a state law (SL 2015-62) requiring providers to give the state data on abortions, saying that several recent data breaches raise questions about the state's ability to keep patient data secure, the Asheville Citizen-Times reports (Barrett, Asheville Citizen-Times, 10/28).
Among several other provisions, the law imposes a 72-hour mandatory delay before abortion and requires physicians to provide the state Department of Health and Human Services with information about abortions performed after the 16th week of pregnancy (Women's Health Policy Report, 6/9). Specifically, for abortions and miscarriages after 16 weeks' gestation, providers are required to submit an ultrasound, the measurements of the fetus and information on how the provider determined fetal age (Asheville Citizen-Times, 10/28).
Further, the law requires additional documentation for abortions or miscarriages occuring after 20 weeks' gestation to demonstrate that continuing the pregnancy would have threatened the woman's life or substantially impaired her health. The state prohibits abortion after 20 weeks in other circumstances (Women's Health Policy Report, 6/9).
The requirements on what information providers are required to submit go into effect on Jan. 1, 2016. According to the law, collected data will remain confidential, anonymous and used "for statistical purposes only."
Legislators Cite Data Breaches
State Sen. Terry Van Duyn (D) and state Rep. Susan Fisher (D) in a letter to Gov. Pat McCrory (R) voiced concerns about three data breaches at DHHS.
According to the letter, DHHS earlier this month said an employee emailed an unencrypted spreadsheet containing data from Medicaid recipients in Granville County, though there is no indication the information has been misused. Further, 49,000 North Carolina children in 2014 received incorrect Medicaid cards, which contained personal information including names and birth dates. In addition, a DHHS contractor in 2013 "lost a flash drive containing the personal information of over 1,100 North Carolina medical providers" as well as 50,000 other U.S. residents, the letter states.
The lawmakers said, "Given the many public questions surrounding the agency, as well as its pattern of releasing the private information of North Carolina patients, we do not believe that the benefit of the doubt is due when it comes to protocols for patient privacy and data security."
Van Duyn and Fisher continued, "Put simply, the collection and review of ultrasounds represents the most invasive foray yet by your administration into the private lives of women. These women have every right to be concerned about the security of their records."
Meanwhile, DHHS spokesperson Alexandra Lefebvre said the department "is approaching the implementation of (the bill) with respect to the sensitivity of this information," adding that physicians would not transmit identifying information to the state (Asheville Citizen-Times, 10/28).