REJECT Planned Parenthood: Corporation has repeatedly failed to protect patient privacy

In Live Action News’ fourth installment of our REJECT Planned Parenthood series, we will demonstrate how reckless this taxpayer-funded abortion corporation is with the personal health information, test results, and overall privacy of its own clients. Despite multiple privacy breaches, Planned Parenthood still received nearly $700 million dollars of taxpayer funding last year alone.

In the first installment of our series, we offered a glimpse into the organization’s founding under the leadership of Margaret Sanger, later referred to as a racist white supremacist. In part two of the series, we exposed Planned Parenthood’s insidious agenda to receive billions in taxpayer dollars under the guise of “family planning.” That program is known as Title X (pronounced “title ten”). In part three, we exposed how both Medicaid and Title X require participants to comply with state and federal laws regarding the reporting of child sexual abuse — something Planned Parenthood has repeatedly violated.

Below is yet more evidence that DOGE needs to defund Planned Parenthood.

Planned Parenthood Privacy Breaches

Imagine Planned Parenthood sending your personal information, including STD results, to the wrong person. Or having a note with your Planned Parenthood test results taped to your apartment door for anyone to see, or having your private medical information or test results faxed or mailed to the wrong person. Or having your mother contacted about your pregnancy decision, or your personal health information disclosed to your cousin or partner.

Or what if Planned Parenthood staffers were disclosing procedures, including abortions, to people you knew? What if staffers were telling your acquaintances that they saw you at Planned Parenthood? What if you worked for Planned Parenthood, then received care there for an STD only to discover that your coworkers somehow knew your test results? What if you went for an ultrasound, and the name of the previous Planned Parenthood client was still visible on the machine?

All of the incidents above have been alleged by Planned Parenthood clients in multiple privacy complaints.

 

Another complaint alleged:

I am a registered nurse in the State of Delaware. I (as well as others) have witnessed numerous HIPPA [sic] violations occurring at Planned Parenthood of Delaware. I reported these violations to Delaware Health and Social Services and was told that they (meaning DHSS) would report these violations to you… so I did not because I was told they were going to do so. In the meantime, DHSS stated that they were not going to report to your department.

I am not sure why they do not feel it is nessary [sic] but Planned Parenthood is in violation of HIPPA [sic] regulations. Patients have no privacy and are crammed into a recovery room where they sit beside one another listening to personal and private patient information. Please help me protect the patients at Planned Parenthood. It is not fair that their rights are being ignored.

Of course, Planned Parenthood denied the accusations.

Melody Meanor, the former Health Center Manager of Family Planning at Planned Parenthood of Delaware in Wilmington, went public to expose the center’s privacy policies. A video and transcript of her statement is available online.

 

Live Action News previously sent a freedom of information request (FOIA) to OCR for documentation where Planned Parenthood failed to protect patient privacy. In September of 2018, an OCR representative responded, “The Office for Civil Rights (OCR) conducted a search and located 1306 pages of responsive records. After a careful review of these pages, I have determined to release 637 pages to you in their entirety, and I am further releasing 365 pages in part, with portions redacted.”

The documents, which Live Action News is making available for review for the first time, are linked below.

• 1-100
• 101-200
• 201-300
• 301-400
• 401-500
• 501-600
• 601-700
• 701-800
• 801-900
• 901-1000
• 1001-1100
• 1101-1200
• 1201 – 1236

Over Half a Million Planned Parenthood Clients Affected by Privacy Breaches

Live Action News previously documented multiple violations of privacy (2016, 2017, and older) taking place at Planned Parenthood (PP) under the federal HIPAA law, including massive privacy breaches and abuses due to PP’s negligence, exposing thousands of PP patients.

A November 2024 breach report submitted against Planned Parenthood of Montana for a “Hacking/IT Incident” affected 18,003 clients. According to the HIPAA Journal, between August 24, 2024, and August 28, 2024, a RansomHub ransomware attack against Planned Parenthood of Montana “accessed its network and exfiltrated copies of documents that contained some patient information” including “names, addresses, dates of birth, medical record numbers, health insurance information, and/or clinical information, including provider name(s), date(s) of service, diagnosis information, treatment information, and/or prescription information,” the HIPAA Journal reported. “RansomHub added Planned Parenthood to its dark web data leak site on September 4, 2024, and published screenshots of administrative, financial, and legal documents as evidence of the attack.”

An April 2024 review of the Office for Civil Rights (OCR) notification portal archive page revealed multiple privacy breaches against Planned Parenthood, including “hacking incidents,” “Unauthorized Access/Disclosures,” as well as an “Improper Disposal” of private client information. In total, these larger breaches affected over half a million Planned Parenthood clients, yet CFA’s “nonpartisan” complaints do not appear to target Planned Parenthood.

Office of Civil Rights HIPAA violations in archive against Planned Parenthood

These included many of the following:

• Planned Parenthood of Montana was listed by OCR as having a Hacking/IT incident affecting 18,003 clients (2024).
• Planned Parenthood Bedford Heights was ordered to pay thousands by the Ohio Department of Health (ODH) for dumping private patient information in the trash, along with the remains of aborted children (2022).
• Planned Parenthood Los Angeles (PPLA) claimed a “hacking incident” affected 409,759 clients (2021). Last year, Planned Parenthood Los Angeles (PPLA) reached a “$6 million settlement to resolve all claims” related to the 2021 data breach, reported the HIPAA Journal.
• Planned Parenthood of Metropolitan Washington, D.C. revealed that a “hacking incident” had affected 500 Planned Parenthood clients (2021).
• Planned Parenthood Great Plains posted a notice regarding a security breach at Blackbaud, a data management software and cloud computing software vendor of Planned Parenthood Federation of America and several affiliates, which “compromised some donor data” for multiple Planned Parenthood affiliates across the nation. Planned Parenthood of Northern New England, a Title X recipient, was among the affiliates affected by the 2020 Blackbaud breach, which exposed patient data (2020).
• OCR noted a “Hacking/IT” incident at Planned Parenthood Metro Washington involving 142,982 clients. (2020)
• Planned Parenthood of the Heartland reported a privacy breach of 515 patients at its center in Bettendorf, Iowa (2018).
• Planned Parenthood of Greater Washington and North Idaho (PPGWNI) notified patients about a data security “error” involving 10,700 patients (2016).
• Planned Parenthood of the Heartland closed its facility in Dubuque, Iowa, and left thousands of private medical records inside the building for months while the building was being shown and eventually sold. Planned Parenthood of the Heartland reported the breach, affecting 2,506 individuals, in July of 2016.
• Planned Parenthood Southwest Ohio Region at PP Elizabeth Campbell Center in Cincinnati left a storage location that housed private prescription medical logs unlocked, which was later placed in the trash dumpster then emptied by the trash collector (2014). A 2015 OCR report shows an impact of 5,000 clients.
• Planned Parenthood in Trexlertown, Pennsylvania, violated the Federal Standards for Privacy Identifiable Health Information after sending a bill for a patient to the wrong person, according to a complaint received by Office of Civil Rights (OCR) in 2014.

Additional privacy breaches alleged against Planned Parenthood include:

• A California Planned Parenthood patient reported that following her visit, she received two text messages from an anonymous number, reading, “Damn, you have an STD WOW.”
• A Napa Planned Parenthood receptionist admitted to state officials that she had looked at private patient records because she was curious.
• Alleged Planned Parenthood patient wrote online, “a worker there told a family member of mine about my privacy.”
• In 2011, OCR received a complaint alleging that a worker at Planned Parenthood in New York “impermissibly disclosed” the complainant’s health information to her sister’s friend.
• In 2012, a complainant informed the governing body that she had received a call from Planned Parenthood of Northeast Ohio asking her to contact them regarding recent test results. During the call, it was determined that she was not the correct patient.
• In 2013, a complaint was filed against a Planned Parenthood in Chicago, Illinois, which alleged that an employee impermissibly disclosed her private health information to a third party on Facebook.
• A complaint received by OCR in 2014 alleged that a Planned Parenthood in Trexlertown, Pennsylvania, violated the Federal Standards for Privacy Identifiable Health Information after sending a bill for a patient to the wrong person.

Planned Parenthood Tax Funding Continues Despite Privacy Breaches

Planned Parenthood receives the bulk of its nearly $700 million taxpayer dollars through Medicaid reimbursements and the Title X Family Planning Programs which require that recipients of federal dollars protect patient privacy.

The Government Accountability Office reveals billions to Planned Parenthood:

• Government Accountability Office (GAO) reports published in the past few years have revealed that from 2016-2018, Planned Parenthood Federation of America (PPFA) received $1.6 billion in federal taxpayer dollars from HHS, averaging $533 million per year ($304 million through grants or cooperative agreements and $1.3 billion from Medicare, Medicaid, and CHIP).
• Then, from 2019-2021, the GOA reported that PPFA received $1.78 billion in federal taxpayer funding in just those three years, while Planned Parenthood abortions totaled 1.1 million within those same three years.
• Members of Congress recently requested for the GAO to provide them with updated numbers for the years 2022-2024.

Between 2022 and 2024, as Live Action News previously documented, OPA allocated nearly $60 million under the federal Title X family planning program to Planned Parenthood, despite multiple privacy breaches.

Privacy Protection Requirements for Federal Dollars

The Department of Health and Human Services (HHS) oversees multiple agencies within the federal government, including Centers for Medicare and Medicaid Services (CMS), Food and Drug Administration (FDA), Office of Civil Rights (OCR), and the Office of Population Affairs (OPA) which governs Title X, as well as others.

Under HHS, “The awards process is governed by laws and policies – both federal government-wide and HHS-specific,” the HHS Administrative and National Policy Requirements (Updated February 2025) handbook states. “This Appendix compiles many of the laws and policies that may apply to awards, but it is not intended to be an exhaustive list or to reproduce the full text. Readers are encouraged to review the original sources for more information,” the HHS handbook adds. “Ensure all staff complete annual cybersecurity and privacy training,” HHS’ handbook stated.

The HHS requirements list the Privacy Act as well as the Health Insurance Portability and Accountability Act (HIPAA).

“Individuals, organizations, and agencies that meet the definition of a covered entity under HIPAA must comply with the Rules’ requirements to protect the privacy and security of health information and must provide individuals with certain rights with respect to their health information,” the HHS website states.

Under the heading “Project Administration,” the Title X handbook for 2022 and updated December of 2024, makes clear that recipients must protect patient privacy and “Ensure that all information as to personal facts and circumstances obtained by the project staff about individuals receiving services must be held confidential and must not be disclosed without the individual’s documented consent, except as may be necessary to provide services to the patient or as required by law, with appropriate safeguards for confidentiality. Information may otherwise be disclosed only in summary, statistical, or other form that does not identify the individual. Reasonable efforts to collect charges without jeopardizing client confidentiality must be made. Recipients must inform the client of any potential for disclosure of their confidential health information to policyholders where the policyholder is someone other than the client. (42 CFR § 59.10(a))” it stated.

The U.S. Health and Human Services (HHS) website acknowledges that “Most of us believe that our medical and other health information is private and should be protected, and we want to know who has this information. The Privacy Rule, a Federal law, gives you rights over your health information and sets rules and limits on who can look at and receive your health information. The Privacy Rule applies to all forms of individuals’ protected health information, whether electronic, written, or oral. The Security Rule is a Federal law that requires security for health information in electronic form.”

When a privacy breach takes place, individuals can file a complaint with the federal OCR, which is responsible for enforcing the HIPAA Privacy and Security Rules. HIPAA stands for the Health Insurance Portability and Accountability Act, originally passed in 1996, HIPAA “establishes federal standards protecting sensitive health information from disclosure without patient’s consent,” the Centers for Disease Control and Prevention claims.