On November 1, 2009, the "Statistical Reporting of Abortion Law" was scheduled to go into effect in Oklahoma. A temporary restraining order issued on October 20, 2009, however, has blocked enforcement of the law until at least December 4, 2009.* (Davis v. Edmondson, Okla. Dist. Ct. No. CJ-2009-9154). The Statistical Reporting of Abortion Law is just one aspect of a broad and controversial abortion law, which also bans abortions on the basis of "sex of the unborn child." The Statistical Reporting of Abortion Law requires doctors to obtain detailed information from patients seeking abortions that will then be posted publicly through the Oklahoma Department of Health's web site. Some of the required information includes:
- Date of abortion
- County in which abortion performed
- Age of mother
- Marital status of mother (married, divorced, separated, widowed, or never married)
- Race of mother
- Years of education of mother (specify highest year completed)
- State or foreign country of residence of mother
- Total number of previous pregnancies of the mother
- Total number of live births, miscarriages, induced abortions
- Whether the woman is employed by the State of Oklahoma
The ostensible purpose of the Statistical Reporting of Abortion Law is to collect data about abortions to inform lawmakers about abortion practices in the State. The Davis lawsuit alleges the law violates Oklahoma's constitution (for reasons unrelated to privacy concerns), but others have expressed concerns that the law violates the spirit, and perhaps the actual provisions, of HIPAA. Some commentators have noted that the information could be used to identify women who have obtained abortions, particularly when they live in small towns. Under HIPAA, "de-identified" protected health information ("PHI") may be used or disclosed for various purposes, including research. De-identified PHI (that is, information that is stripped of details that would identify the patient, such as name, street address, city, county, etc.) can be used or disclosed without restriction, however, HIPAA requires that entities have no actual knowledge that the remaining information could be used alone or in combination with other information to identify an individual. Opponents of the law's reporting provisions believe that under certain circumstances women can be identified based on the information requested, resulting in a violation of HIPAA. More to come as the lawsuit continues.
* Correction: An earlier version of the blog post stated that the law went into effect on November 1, 2009.