Investigative

How Planned Parenthood and the abortion industry have compromised patient privacy

medical records,

Abortion patient privacy has been a focus of the pro-abortion Biden Administration. A recent executive order sought to “protect consumers’ privacy when seeking information about and provision of ” abortion, and to “educate consumers on how best to protect their health privacy and limit the collection and sharing of their sensitive health-related information.” But rather than focus on the irresponsible way abortion and Planned Parenthood facilities have handled private patient information, the media is pointing to the imagined dangers of pregnancy and period apps, location trackers, and other digital communications.

Despite regulations under the federal Health Insurance Portability and Accountability Act (HIPAA), medical records handled by abortion facilities and Planned Parenthood facilities are not always kept under lock and key.

Years of records dumped into trash bins and receptacles

In 2022, Live Action News reported that Northeast Ohio Women’s Center abortion clinic and Planned Parenthood Bedford Heights were ordered to pay $7,500 and $5,000 by the Ohio Department of Health (ODH) for dumping private patient information in the trash, along with the remains of aborted children.

Image: Identifying information for women who visited the Northeast Ohio Women’s Center abortion clinic were illegally dumped (Image credit: Operation Rescue)

Abortion patient privacy information illegally dumped by Northeast Ohio Women’s Center abortion clinic (Image credit: Operation Rescue)

In 2021, medical waste and patient records were found in two Louisiana abortion facility trash dumpsters belonging to the Delta Clinic of Baton Rouge and the Hope Medical Group for Women in Shreveport.

In 2016, Operation Rescue alleged that Baltimore’s Hillcrest abortion facility was temporarily closed when an activist happened to notice that medical records were illegally dumped among the remodeling refuse. Names, addresses, and even a copy of a woman’s photo identification card were all blowing down the sidewalk for anyone to find.

In 2015, police and environmental officials investigated a suburban Detroit abortion facility for the improper disposal of medical waste and patient records after Citizens for a Pro-life Society (which has found human tissue and medical documents in dumpsters behind several abortion facilities for years) tipped them off.

In 2014Planned Parenthood Southwest Ohio Region at PP Elizabeth Campbell Center in Cincinnati left a storage location that housed private prescription medical logs unlocked. As a result, the custodian placed the logs containing personal health information in the trash dumpster, which was later emptied by the trash collector. According to a response from PP’s attorneys, the logs contained patient names, dates of birth, lab results, and medication — affecting at least 5,000 individuals. Also in 2014, Operation Rescue filed complaints against Outpatient Services for Women in Oklahoma City and its abortionist, Nareshkumar Patel, for record-keeping violations and improper disposal of confidential information, among other violations.

Image: 2014 Planned Parenthood of SW Ohio privacy breach (Image: Office of Civil Rights)

Planned Parenthood HIPPA violations shows abortion patient info to Stem Express

In 2012, disgraced Kansas City abortionist Krishna Rajanna had thrown abortion patient records with extensive personal-identifying information into a school recycling bin, while those files were still legally required to be retained and protected. More than 1,000 private abortion records sat in plain view, tossed atop of magazines and newspapers in a possibly serious violation of federal privacy laws.

In addition, a 2012 report from Right to Life of Michigan revealed a pattern of deeply entrenched illegal and unethical practices throughout Michigan’s abortion industry. Illegal disposal at Michigan abortion facilities included 40-50 patient records, used syringes, and bloody surgical material that had been dumped by an abortion center in Michigan. Around 30-40 patient records were dumped near another, and patient logs including over 500 patient names, medical records, and bloody surgical material were dumped by yet another Michigan abortion facility.

That same year, formal complaints were filed against abortionist LeRoy Carhart and his late-term abortion facility in Germantown, Maryland, after an investigation by pro-life activists uncovered the illegal dumping of biohazardous waste, private patient medical information (including copies of patient drivers licenses), and IV drugs.

 

In 2011, Operation Rescue released information documenting widespread abortion abuses at a dozen Texas abortion clinics. They claimed that massive violations of the Federal Health Insurance Portability and Accountability Act (HIPAA) occurred. Hundreds of patient names, addresses, and other sensitive information that had been illegally dumped or discarded by abortion facilities was discovered and recovered.

In 2010, patient records and discarded aborted remains were located outside the WomansChoice abortion facility near Lansing, Michigan; the business dumpster contained medical records, including patient logs with full names and insurance information, bloody surgical material, and used urine specimen cups labeled with the names of patients.

In 2008, pro-life activists found fetal remains, biohazard waste, and medical records at the Women’s Advisory abortion business in Livonia, Michigan. The facility was owned and operated by abortionist Reginald Sharpe. Extensive bio-hazard waste and patient records were also reportedly discovered there in the trash container behind Sharpe’s other abortion facility on Warren Avenue in Detroit. A police report was filed.

 

In 1999, a class-action suit was filed against abortionist Edward Allred’s Family Planning Associates Medical Group — which operated facilities in 20 California communities — claiming he disposed of hundreds of medical records in unlocked trash bins.

In 1987, pro-lifers in Michigan retrieved aborted babies and identifiable privacy information of abortion patients from a Michigan abortion facility dumpster. And in the 1980’s, pro-life activist Robert Ruff wrote a book analyzing several boxes of Planned Parenthood records that were thrown in a dumpster outside a facility. He and his fellow pro-lifers found them while searching for the bodies of aborted babies in the garbage.

Image: Aborted babies and medical waste found in abortion clinic dumpster (Image: Citizens for a Pro-life Society)

Aborted babies and medical waste found in abortion clinic dumpster (Image: Citizens for a Pro-life Society)

The abortion industry’s carelessness with patient data

In 2019, after the death of Indiana abortionist Ulrich Klopfer, authorities found thousands of unsecured patient health records scattered around multiple properties he either owned or rented. Additionally, private patient records were also found in the trunk of his car, abandoned in the former abortion facility locations, storage units, and a garage… as well as in the basement of his home from which more than 100 boxes of health records were removed. In one of his facilities, authorities reported that health records were “intermingled with boxes upon boxes of miscellaneous items including car parts, rotting food, unsterilized used medical instruments, hundreds of empty soda cans and protein shake bottles, various personal items, and medical supplies – including loose syringes. Some of the health records were soaking in an unidentified liquid and were covered in mold.”

In 2018Planned Parenthood of the Heartland reported a privacy breach of 515 patients at its Bettendorf center in Iowa. “As a result of this incident, the privacy of the following information may have been compromised: full name, date of birth, medical record number, diagnosis, and treatment, and mailing address and insurance information as of November 2010,” Planned Parenthood wrote.

In 2016Planned Parenthood of Greater Washington and North Idaho (PPGWNI) notified patients about a data security “error” involving 10,700 patients patients in which e-mails were “inadvertently sent to the wrong addresses.” An online post by PP referred to it as an “isolated occurrence.”

Then, in April 2016 when Planned Parenthood of the Heartland closed its facility in Dubuque, Iowa, it left thousands of private medical records inside the building for months, while the building was being shown and was eventually sold. Planned Parenthood of the Heartland reported the breach, affecting 2,506 individuals, in July of 2016.

According to HIPAA Journal, also in 2016, it was “alleged that… Planned Parenthood Mar Monte (PPMM) and Planned Parenthood Shasta Pacific (PPSP) [] and Family Planning Specialists Medical Group (FPS) improperly disclosed the protected health information (PHI) and personally identifiable information (PII) of female patients to StemExpress.”

In 2015, abortion patient medical records were discovered inside a vacant warehouse, the site of a former Michigan abortion facility near downtown Flint. According to WJRT, when abortionist Abraham Hodari closed the Feminine Health Care Clinic in 2013, he abandoned hundreds of boxes full of patient information.

In 2014, medical records of hundreds – and potentially thousands – of women that visited an unspecified Houston abortion facility were discovered in a warehouse in the city. The records were discovered by the owner of the warehouse, Esmeralda Cedillo, when she was walking her dog. The information in the files included sensitive medical information, personal details and even the Social Security numbers of women who had abortions at the facility between 1992 and 2012. Also in 2014, a complaint received by OCR alleged that a Planned Parenthood in Trexlertown, Pennsylvania, violated the Federal Standards for Privacy Identifiable Health Information after sending a bill for a patient to the wrong person.

TAB, a records management company working with the Planned Parenthood Federation of America for over a decade, identified “some serious problems” with the records of Planned Parenthood of Illinois, which oversees 17 branch locations. TAB’s document suggested that the corporation’s records were getting lost in the mail and seen by those not employed by Planned Parenthood.

Mishandling of private patient information by Planned Parenthood staff

In a 2015 lawsuit involving employee misconduct, a Planned Parenthood of Minnesota, North Dakota, South Dakota HR manager testified that a call center agent was terminated for a reportable HIPAA violation: “A call center supervisor testified that he received an e-mail from another employee… stating that [PP agent] had sent her a chat message stating that [PP agent] had just scheduled E.S.’s cousin as a patient, with a follow-up message stating the cousin’s name.”

In 2014, a Planned Parenthood client alleged she went to PP for the abortion pill, and a PP staff member texted a mutual friend to tell the friend the patient was seen at PP for an abortion. The Office for Civil Rights (OCR) decided to resolve the matter informally with technical assistance to PP and closed case #14-191232 without further action.

A 2013 OCR complaint alleged that a PP staffer in Illinois disclosed medical information to a third party, who posted to Facebook: “I find it unbelievable that you are scared to cross the street, but were brave enough to kill your own embryo.” OCR decided to resolve case# 14-168325 informally with technical assistance to PP and closed the case without further action. Also, a 2013 complaint alleged that an employee at a Planned Parenthood in Chicago, Illinois, disclosed a client’s private health information to a third party on Facebook.

In 2012, a Napa Planned Parenthood receptionist admitted to state officials that she had looked at private patient records because she was curious.

That same year, the State of California’s public website on information about health care providers who failed to protect patients’ privacy listed two Planned Parenthood facilities among the offenders. One was Planned Parenthood of The North Valley in Chico, California, where in 2012 a patient reported that following her visit she received two text messages from an anonymous number, reading, “Damn, you have an STD WOW.” The second message read, “LOL I know everyone. Nasty. My friend works at Planned Parenthood. I’m telling everyone.” It was learned that a staffer had looked at the patient’s information because she was dating the patient’s ex-boyfriend and had concerns about an STD. According to a state report, the staff member was terminated from Planned Parenthood Shasta Pacific.

In 2011, OCR received a complaint alleging that a worker at Planned Parenthood in New York “impermissibly disclosed” the complainant’s health information to her sister’s friend. OCR’s regional manager, Linda C. Colon, decided to “resolve the matter informally” and sent Planned Parenthood material explaining the Privacy Rule provisions relating to disclosures to family and friends.

Other privacy breach incidents

In 2021, Planned Parenthood Los Angeles (PPLA) claimed that a “hacking incident” affected 409,759 clients. The investigation determined that “an unauthorized person gained access to our network between October 9, 2021 and October 17, 2021, and exfiltrated some files from our systems during that time.” PPLA later concluded that the files which were involved contained patient names, insurance information, dates of birth, and “clinical information, such as diagnosis, procedure, and/or prescription information.”

In April 2021, Planned Parenthood of Metropolitan Washington, D.C. revealed it had a breach of patient and donor information. In a notice posted to its website, the organization revealed that it found “unusual” activity on its networks on September 3, 2020, claiming the “hacking incident” affected 500 Planned Parenthood clients. “After an extensive forensic investigation, on October 21, 2020 we determined that unauthorized actors gained access to our network and between August 27, 2020 and October 8, 2020 acquired copies of documents that contained some patient information,” Planned Parenthood’s Washington affiliate wrote in a public notice.

Image: Planned Parenthood data breach Los Angeles Metro Washington OCR portal 12092021

Planned Parenthood data breach Los Angeles Metro Washington OCR portal 1209202

In 2020, Planned Parenthood Great Plains posted a notice regarding a security breach at Blackbaud, a data management software and cloud computing software vendor of Planned Parenthood Federation of America and several affiliates, which “compromised some donor data” for multiple Planned Parenthood affiliates across the nation. Planned Parenthood of Northern New England was among the affiliates affected by the 2020 Blackbaud breach, which exposed patient data.

If the Biden Administration wishes to protect the privacy of abortion clients, they will shore up privacy regulations and conduct regular investigations at the offices of the doctors, staff and facilities that commit abortions, including largely unregulated virtual abortion pill businesses.

If they do not, more privacy breaches are likely to occur.

“Like” Live Action News on Facebook for more pro-life news and commentary!

What is Live Action News?

Live Action News is pro-life news and commentary from a pro-life perspective. Learn More

Contact editor@liveaction.org for questions, corrections, or if you are seeking permission to reprint any Live Action News content.

GUEST ARTICLES: To submit a guest article to Live Action News, email editor@liveaction.org with an attached Word document of 800-1000 words. Please also attach any photos relevant to your submission if applicable. If your submission is accepted for publication, you will be notified within three weeks. Guest articles are not compensated. (See here for Open License Agreement.) Thank you for your interest in Live Action News!



To Top