Michigan Lawmakers Working on Protecting Women’s Health Data

LANSING, Mich. — A push is on in Michigan to draft legislation that would provide enhanced privacy protections for women’s health data related to reproductive care.

The bill, which Democratic state Rep. Laurie Pohutsky plans to introduce once next year’s legislative session gets underway on Jan. 8, would provide a new level of privacy protection to the reproductive health data of Michigan women.

In an interview with the Michigan Advance last week, Gov. Gretchen Whitmer said she is wholeheartedly behind the legislation.

“I think it’s a very real concern that Michigan women and people that use data apps, like for period tracking, etc., have privacy protections,” she told the nonprofit news outlet, which reports on politics and policy within the state.

“We know that there are all sorts of ways that our data is being misused or weaponized and used against people,” she said.

Pohutsky, who is speaker pro tempore of the Michigan House, told the Advance the idea behind the measure is to ensure that patients seeking reproductive health care don’t have to worry about their health care data being used against them, “primarily by those in other states where abortion may be illegal.”

Whitmer said in the article that she’s so personally concerned about the data privacy issue that she told her daughters, both now in their early 20s, to delete the menstrual cycle tracker apps they’d downloaded to their phones.

In 2021, the International Digital Accountability Council, an independent, nonprofit watchdog group created to improve digital accountability, released a report in which it revealed period tracking apps were sharing unencrypted personal information with third parties without fully disclosing that fact in their privacy policies.

In that report, the council found that while the U.S. government is “pushing for greater data portability” to give patients and their providers powerful new resources to manage their health and wellness, privacy protections simply are not keeping up.

“Patients who believe that decades-old laws like the Health Insurance Portability and Accountability Act provide protections for the intimate details of their health and wellbeing that are collected by apps may be surprised to learn that this data collection and sharing falls into a nebulous gap in consumer protections that may leave them vulnerable,” the preface to the report said.

“Most of the new apps that patients use to monitor their sexual and reproductive health, mental health, fitness, and weight loss are instead governed by a woefully inadequate patchwork of rules enforced by a range of federal and state agencies, from the Federal Trade Commission and state attorneys general to emerging rules in states like California, Virginia and Colorado,” the report continued. 

“Additionally, platforms like Google and Apple are thrust into dual roles as merchant and privacy beat cop, setting and enforcing many of the specific rules developers and publishers must follow to offer their apps on the Google Play Store and the iOS App store,” it said.

With the support of the Rose Foundation, a nonprofit that states its charitable purpose is to “positively impact the quality of life” of women and families, the Council launched an in-depth investigation of digital health apps to assess consumer protection risks.

In partnership with Good Research and App Census, the council examined the privacy policies for 152 of these apps and then used sophisticated forensic techniques to examine the data flows from the apps to outside third parties. 

“Our investigation found that most of these apps are observing the letter of the laws and platform terms that they are required to follow. However, some widely-used apps fail to meet even basic platform requirements because they send unencrypted user data, have inadequate or missing privacy policies, or collect granular information about user location without adequate explanation,” the report said.

“Additionally, several apps appear to transmit user data to endpoints in countries such as Russia and China with weak data protection laws and poor human rights records.” 

Even when apps carefully follow existing rules, the council found that most users have little visibility into how their information is collected or shared. 

“When it comes to sharing our most health sensitive data, our laws place a strong emphasis on the notion of notice and consent. But notice often means that apps carefully include a vague and legalistic statement about data collection and sharing; and consent often means that a user clicks through a jargon-filled document without reading or understanding the disclosures that are being made,” the report said.

In her interview with the Michigan Advance, Whitmer said this situation is exactly why “it’s crucial that we are nimble.”

“A right that we thought was enshrined for 50 years and would never go away has,” she said, referring to the U.S. Supreme Court’s 2022 decision in Dobbs v Jackson Women’s Health Organization, which overturned Roe v Wade and with it, women’s constitutionally protected right to an abortion.

“And we see in different states how the government is using women’s data against them, whether it’s monitoring pregnancies or period apps or anything like that,” Whitmer continued. “So I think it’s prudent to be very aggressive when it comes to consumer protection and when it comes to protecting women’s health information.”

Whitmer’s entire interview with the Michigan Advance on this topic can be found here.

Dan can be reached at [email protected] and at https://twitter.com/DanMcCue