Michigan Governor Gretchen Whitmer, photo courtesy State of Michigan Office of the Governor.

Michigan Governor Whitmer has this week sent a letter to the leaders of Apple, Alphabet (Google), Amazon, Meta (Facebook), and Microsoft, asking them to take additional steps to protect people's data, particularly health data. Governor Whitmer's interest in the topic is to protect women seeking reproductive healthcare from having their data used to prosecute them as abortion remains in limbo with regards to legality in the U.S., but the issue goes far beyond this to touch every American's health data, whether that is in regards to legal action, online privacy, or data brokers selling private information to advertisers or making it accessible to hackers.

As women with reproductive health issues such as endometriosis, ectopic pregnancy, miscarriages, and other common reproductive health ailments get caught in the crossfire and women could die for lack of abortion of unviable pregnancies, stillbirths, and in the case of misunderstood health issues, the matter of health data privacy has quickly become the forefront of data privacy in the U.S. and a matter of life and death for a number of Americans.

Whitmer also aims to protect nurses and doctors caught in between various laws and bans on abortion access who could be prosecuted for saving a woman's life, as recent news reports have surfaced of women being allowed to develop unstable vitals before doctors and nurses feel the law allows them to intervene on emergency healthcare and unviable pregnancies.

This letter also follows NPR reports of law enforcement in other states using Facebook data to go after women seeking abortion care. Governor Whitmer, a Democrat, has already halted a ban on abortion in Michigan, and the procedure remains legal for the moment, though it is not clear it will remain that way.

“Every Michigander deserves privacy and control over their data, which includes so much personal information about our health, habits, and lives,” said Governor Whitmer. “We know the risks of someone getting access to our data. If it fell into the wrong hands, our digital footprint could tell someone where we are, who we were with, what we bought—even intimate details about our health. Without adequate protections, that data could be used to go after women seeking reproductive health care or to prosecute nurses and doctors for doing their jobs. Amid an ongoing assault on women’s bodily autonomy by extremists who do not hesitate to use location and health data to target Michiganders, we must do more to protect everyone’s fundamental right to privacy."

While the move is viewed as a political ploy for reelection by those on the right, Whitmer has been a staunch defender of reproductive freedom for a variety of reasons, including protecting women's health, which is commonly misunderstood and politicized to the detriment of health outcomes for women and their pregnancies.

“As custodians of our most sensitive data, Apple, Alphabet, Amazon, Meta, and Microsoft have a responsibility to protect their customers and their privacy,” continued Governor Whitmer. “I am grateful for the steps you have already taken—to varying degrees—to enhance digital privacy, but your work to protect our data must be an ongoing effort. Trust—in government and the private sector—is a precious resource, and firms that value privacy will benefit their shareholders by fostering a transparent relationship that prioritizes the needs of their users."

Mechanisms to Protect Health Data

There are a number of additional steps that could be taken to protect health data of Americans, which will certainly affect policies, laws, and lives beyond pregnant people in the coming years. Whitmer's letter includes the following suggestions, which might also be of use to business owners and professionals in the data privacy and cybersecurity space for protection of user health data:

1. Provide users with clearer mechanisms to opt out of data retention and sharing for sensitive health information, including any sale of such data to third parties. These mechanisms should be paired with additional steps to protect user data, such as automatically deleting such data after a set period of time. 
2. User information should be provided to law enforcement only in response to requests that conform to the relevant law. Whenever legally possible, companies must notify users when law enforcement make a request for their communications or personal information. 
3. Companies must make information publicly available about requests they receive for sensitive health data and other information that could be used to prosecute women for seeking health care. They must publish and regularly update information about all such requests received for user communications or information concerning reproductive health or other health matters, including search histories. 

Additional Resources for Ways To Protect Health Data Beyond Abortion

If you would like to learn more about ways to protect user health data beyond abortion, the following articles and resources might give you a starting point and raise some issues to consider for your own use or to shape policies and technology for your company:

Forbes: Cybersecurity and Data Protection in Healthcare

ACLU: FAQ on Government Access to Medical Records

AHU: 5 Elements to Establish Data Security in Healthcare

Medical Economics: 10 Ways To Improve Patient Data Security