FOR IMMEDIATE RELEASE: December 17, 2024

Contact: Michael Clauw, mclauw@campaignforaccountability.org, 202.780.5750

WASHINGTON, D.C. – Today, Campaign for Accountability (CfA), a non-profit watchdog group, wrote to attorneys general in five states, highlighting new information relevant to earlier complaints CfA filed with their offices about apparently deceptive behavior of “crisis pregnancy centers” (CPCs) in their states, requesting investigations under states’ unfair trade and deceptive practices acts. In April, CfA detailed how nonmedical CPCs in Idaho, Minnesota, New Jersey, Pennsylvania, and Washington appeared to violate consumer protection laws by telling clients their personal health information (PHI) is protected under the Health Insurance Portability and Accountability Act (HIPAA). Recently, CfA received written confirmation from the Department of Health and Human Services (HHS) that the federal health law does not apply to a Louisiana CPC that was suggesting clients’ data was protected by HIPAA, and whose business model appears indistinguishable from the centers CfA highlighted in its complaints to the attorneys general.

Read CfA’s follow up letters to:

– Idaho Attorney General Raúl Labrador

– Minnesota Attorney General Keith Ellison

– New Jersey Attorney General Matthew J. Platkin

– Pennsylvania Attorney General Michelle Henry

– Washington Attorney General Robert Ferguson

Earlier this year, Abortion Every Day reported that a video posted by international anti-abortion organization Heartbeat International leaked the names of 13 women that had visited an affiliated CPC in Louisiana—The Unexpected Pregnancy Center (TUPC)—to the open internet. The names, as well as other personal information, such as the women’s due dates and dates of their last menstrual periods, were visible on screen as part of a series of training videos, which appear to show a nonmedical Heartbeat employee wielding access to vast amounts of affiliate client data.

Similar to some of the CPCs CfA highlighted in its April complaints, the “Notice of Privacy Practices” on TUPC’s website provided clients with instructions for filing a complaint with HHS’ Office of Civil Rights (OCR) if they felt their data had been misused. Following this guidance, CfA filed a complaint with OCR regarding the posting of the Louisiana clients’ personal data. HHS responded to CfA’s complaint in November, clarifying that it had no authority to act as “the requirements of the HIPAA Rules do not apply to The Unexpected Pregnancy Center & Heartbeat International.”

Today’s letters to the attorneys general note that the business models of the CPCs in their states appear virtually indistinguishable from TUPC’s, meaning they too are unlikely to be covered entities under HIPAA, leaving any legal action for such deceptive claims to the states. The new letters also highlight multiple other CPCs in each state making claims of HIPAA compliance and reiterates the request for an investigation.

CfA Executive Director Michelle Kuppersmith said, “The widespread nature of these inaccurate confidentiality claims is troubling, and CPCs are unlikely to stop suggesting they are HIPAA compliant until attorneys general make clear that there are repercussions for deceiving consumers. Now that HHS has clearly explained its lack of jurisdiction, attorneys general with comparable CPCs in their states must step in and hold them accountable.”

Campaign for Accountability is a nonpartisan, nonprofit watchdog organization that uses research, litigation, and aggressive communications to expose misconduct and malfeasance in public life and hold those who act at the expense of the public good accountable for their actions.