Watchdog Organization Calls for Investigations of Crisis Pregnancy Centers Over Potential Privacy Violations
The non-profit civil liberties organization, Electronic Frontier Foundation (EFF), has written to Attorneys General in Arkansas, Florida, Missouri, and Texas, requesting they open investigations of crisis pregnancy centers (CPCs) in their respective states over potential privacy violations and deceptive business practices.
There are currently an estimated 2,750 CPCs in the United States, the majority of which are affiliated with one or more of three organizations: Care Net, Heartbeat International, and the National Institute of Family and Life Advocates. CPCs generally offer pregnancy testing services, counseling, and information, with some also providing limited medical services; however, many CPCs are not licensed medical clinics. CPCs are often connected to religious organizations and have a strong anti-abortion stance and therefore do not offer reproductive healthcare such as abortions or, in some cases, contraception. According to EFF, in 2022, CPCs received $1.4 billion in revenue, including substantial federal and state funds.
The letters from EFF follow complaints filed with State Attorneys General in Idaho, Minnesota, Washington, Pennsylvania, and New Jersey last year by researchers at the nonprofit watchdog organization, Campaign for Accountability. The researchers similarly called for the State Attorneys General to investigate CPCs for misrepresenting how patient data is protected under the Health Insurance Portability and Accountability Act (HIPAA).
HIPAA applies to HIPAA-covered entities (healthcare providers, health plans, and healthcare clearinghouses) and business associates of those entities. The Campaign for Accountability alleged that many CPCs use language in the client intake process and via their websites indicating that any health information collected is protected by HIPAA. While some CPCs, the licensed medical clinics, are HIPAA-regulated entities, many CPCs are not.
Both the Campaign for Accountability and EFF allege potential violations of privacy and consumer rights, as the information collected from individuals receiving services from CPCs may be shared with other centers in their affiliated networks without appropriate privacy or anonymity protections.
In December 2024, the Campaign for Accountability wrote to the Louisiana Attorney General calling for an investigation of the Louisiana CPC, The Unexpected Pregnancy Center, which claimed clients’ personal data was protected under HIPAA when that was not the case. The center is affiliated with Heartbeat International, which leaked the names of at least 13 Unexpected Pregnancy Center clients to the open Internet in a video presentation.
The Campaign for Accountability explained that The Unexpected Pregnancy Center had a Notice of Privacy Practices on its website – a requirement of HIPAA – that informed clients that if they feel their data has been misused, they can file a complaint with the HHS’ Office for Civil Rights (OCR). After learning about the public disclosure of patients’ names and other medical information, the Campaign for Accountability filed a complaint with OCR. OCR confirmed that it did not have jurisdiction since neither The Unexpected Pregnancy Center nor Heartbeat International is a HIPAA-regulated entity.
“This is not about abortion, but about consumers’ reasonable expectation that when a provider tells them their information is protected by HIPAA, it’s true,” explained the Campaign for Accountability. “Louisiana law prohibits such deceptive conduct, and Attorney General Murrill should use her authority to enforce the law.”
EFF explained that the privacy practices of CPCs are not confined to the five states contacted by the Campaign for Accountability, hence the letters to the State Attorneys General in Arkansas, Florida, Missouri, and Texas. “Regardless of your views on reproductive healthcare, we should all agree that privacy is a basic human right, and that consumers deserve transparency,” explained EFF.
The Texas Alliance for Life, a nonprofit organization committed to protecting human life from conception to natural death, responded to the calls from EFF to investigate CPCs and the suggestions of deceptive business practices related to HIPAA compliance. “To our understanding, it is standard practice for pregnancy centers to adhere to strict client confidentiality policies, including compliance with HIPAA, even in cases where it is not legally required,” explained the Texas Alliance for Life in a statement provided to Spectrum News. “The real concern should not be unfounded attacks on these life-affirming organizations but ensuring that women have access to the full range of resources and support they need during pregnancy and beyond.”
An update provided by EFF in August 2025 shows that its actions are bearing fruit.
