Source: New Zealand Privacy Commissioner – Blog
First published in ‘New Zealand Doctor’ 22/06/2022
A potential US Supreme Court decision to overturn Roe v Wade, the landmark case that established a legal right to abortion without excessive government restriction, raises questions about the protection of privacy rights in the health sector. Jess Ducey argues that protecting people’s privacy means not just our secrets or personal data – but our self-determination and bodily-autonomy.
It can be tempting to dismiss the current resurgence in US abortion debate as a peculiarly American issue, but we must remember that Roe was decided on broad and influential privacy grounds. The court found that the United States Constitution provides a fundamental “right to privacy” that protects a person’s right to choose whether and when to have a child.
Privacy is the foundation of abortion rights as well as other sexual and reproductive rights like gay rights, contraception access, and marriage equality, both here and overseas. The privacy origins of abortion rights stem from the fact that medical information, particularly concerning reproductive health, is universally considered to be sensitive personal information.
International law, including the International Covenant on Civil and Political Rights and the European Convention on Human Rights, both recognise privacy rights. Cases decided under international law have held that these privacy rights include the decision over whether or not to have a child.
While doctors are likely aware that abortion was only decriminalised in Aotearoa New Zealand in March 2020 – just a few months before the new Privacy Act came into effect – this fact remains relatively unknown in the public.
In a 2018 submission to the Law Commission on Abortion Law Reform, Aotearoa New Zealand’s Privacy Commissioner cautioned that including abortion in criminal law raised ‘major issues with the exposure of sensitive health information to the criminal justice system’. Removing abortion from the Crimes Act was an important step towards ensuring that health information is treated consistently with the Health Information Privacy Code, and not subject to additional risks of exposure.
Last month in this column, we saw that the health sector reports more serious breaches of privacy than any other sector. This is a poignant reminder that health professionals hold large amounts of deeply sensitive information, and any breach of this information is likely to result in harm. Healthcare professionals, who can wield considerable power over their patients, especially when they are in a vulnerable state, have a duty to respect and actively work to maintain their trust.
We know that the majority of privacy breaches are not due to malicious actors or cyber security breaches, but rather are caused by simple human error, whether that’s including the wrong attachment in an email or not confirming an address before sending personal information. Criminalising or otherwise over-regulating medical procedures creates more opportunities for harmful privacy breaches by exposing that personal information to more people, agencies, or systems.
And this risk extends beyond our personal medical information to include digital data more broadly. Internet search history, GPS location information, and other metadata quietly collected and shared by personal devices can and have been used to identify and harm people. The BBC recently reported the concerns of a reproductive rights group about personal data from menstrual tracking apps being used to identity people seeking abortion care.
Discussions about privacy in the medical sector often concern a patient’s personal information and its disclosure, but fundamentally, privacy is not about secrets or data – it is a matter of personal and bodily autonomy and self-determination for everyone.
Abortion, like all healthcare decisions, is a matter of trust between the patient, their doctor, and anyone else they choose to include. Trust is an ongoing relationship, hard won and easily lost. Healthcare providers have immense power in these decisions, and with great power comes great responsibility. How can you continue to honour that trust and responsibility for the patients you serve?
