'DEFUND 250': Planned Parenthood's top 10 disqualifying privacy violations

On July 4, 2026, America will celebrate the 250th anniversary of her founding — but unless Congress votes to continue banning federal Medicaid dollars from abortion providers like Planned Parenthood, July 4 will also be the day that America's most prolific killer of preborn children will see those taxpayer dollars once again pouring into its bank accounts.

Planned Parenthood deserves to be permanently defunded — and Live Action News' series, 'DEFUND 250,' plans to remind the public of many reasons why.

According to the Centers for Medicare and Medicaid Services (CMS), recipients of government programs that pay for health care, like Medicaid, must comply with the Health Insurance Portability and Accountability Act known as HIPAA. In numerous cases, however, Planned Parenthood has failed to protect patient privacy.

Key Takeaways:

• Various privacy breaches have taken place at Planned Parenthood over the years.

• Some breaches have been via patient databases. Others have been perpetrated by employees who had personal vendettas against patients or who were simply "curious."

• In one breach, over half a million patients were affected.

The Details:

#1: Privacy Breaches: A Case for Defunding Planned Parenthood

Live Action's "A Case for Defunding Planned Parenthood" report is clear that privacy breaches are cause to revoke the taxpayer dollars funding the corporation:

Regulatory Violations HHS oversees the Centers for Medicare and Medicaid Services (CMS), the Office for Civil Rights (OCR), and the Office of Population Affairs (OPA), which governs Title X. According to the HHS Administrative and National Policy Requirements handbook, funding recipients must abide by the Privacy Act as well as the Health Insurance Portability and Accountability Act (HIPAA).

The 2024 Title X handbook likewise makes it clear that funding recipients must protect patient privacy. However, Planned Parenthood has on numerous occasions demonstrated careless disregard for the regulations by which it is legally required to abide in order to receive federal funding. It has repeatedly violated HIPAA regulations, and its negligence has resulted in massive privacy breaches and abuses.

#2: History of failing to protect patient privacy under HIPAA

• 2011: An OCR complaint alleged a worker at Planned Parenthood in New York “impermissibly disclosed” the complainant’s health information to her sister’s friend.

• 2012: A complainant informed the governing body she had received a call from Planned Parenthood of Northeast Ohio asking her to contact them regarding test results. During the call, it was determined that she was not the correct patient.

• 2013: A complaint filed against a Planned Parenthood in Chicago, Illinois, alleged that an employee impermissibly disclosed a patient's private health information to a third party on Facebook.

• 2014: An OCR complaint alleged that a Planned Parenthood in Trexlertown, Pennsylvania, violated the Federal Standards for Privacy Identifiable Health Information after sending a patient's bill to the wrong person.

#3: Is private medical information really safe at Planned Parenthood?

Complaints on file with the State of California’s public website are listed below:

1. PP of The North Valley: A patient reported that following her visit, she received text messages from an anonymous number, reading:

“Damn, you have an STD WOW.” The second message read, “LOL I know everyone. Nasty. My friend works at Planned Parenthood. I’m telling everyone.” 

The PP staffer had looked at the patient’s information because she was dating the patient’s ex-boyfriend and had concerns about an STD.

2. PP Napa Center managers were notified about a breach of confidentiality by Planned Parenthood’s receptionist, who admitted to authorities that she looked at a patient's medical chart because "she was curious."

3. Separately, another staffer admitted to state officials that she looked at the private records of a patient "for her own personal reason" and "that she was currently dating Patient 1 's ex-boyfriend and had concerns about a sexually transmitted disease."

4. PP Northern California (December 2025) informed their patients "of a cyber security incident involving one of their subcontractors, Trizetto Provider Solutions (TPS), involving "a data compromise by an unauthorized party...."

#4: Records dumped into trash bins and receptacles

2022: Live Action News reported that Planned Parenthood Bedford Heights was ordered to pay a fine by the Ohio Department of Health (ODH) for dumping private patient information in the trash. Operation Rescue noted:

The Planned Parenthood inspection report noted that nine of the 33 women identified in documents and items retrieved from its dumpster were confirmed to have been recent patients at that facility.

 2014:  Planned Parenthood Southwest Ohio Region at PP Elizabeth Campbell Center in Cincinnati left a storage location that housed private prescription medical logs unlocked. As a result, the custodian placed the logs containing personal health information of 5,000 individual in the trash dumpster.

#5: FOIA Reveals Multiple Privacy Breaches at PP

Live Action News previously sent a freedom of information request (FOIA) to OCR for documentation where Planned Parenthood failed to protect patient privacy. The documents are linked below.

• 1-100

• 101-200

• 201-300

• 301-400

• 401-500

• 501-600

• 601-700

• 701-800

• 801-900

• 901-1000

• 1001-1100

• 1101-1200

• 1201 – 1236

#6: Former PP Delaware: 'Inadequate protection of patient confidentiality and privacy'

Melody Meanor, the former Health Center Manager of Family Planning at Planned Parenthood of Delaware in Wilmington, joined other staffers to expose the center’s privacy policies.

NBCPhiladelphia.com reported:

In their testimony, the women claimed the privacy of patients was jeopardized, that they were asked to falsify employee records, that medical assistants were poorly trained and that certain women in need of certain medications after abortions often didn’t receive them. They also claimed that the facility failed to inform up to 200 women that they tested positive for gonorrhea and chlamydia, according to Delaware Online.

In her testimony, Meanor claimed:

One area I attempted to correct was inadequate protection of patient confidentiality and privacy. At the beginning of my employment, I struggled to correct negative patient care violations that involved HIPAA violations.

She added that her "attempts to train and discipline health center assistants were significantly undermined..."

In 2013, OCR was notified that Planned Parenthood of Delaware violated the Federal Standards for Privacy of Individually Identifiable Health Information.

#7: Third-Party Contractors Received Private Medical Information

Former Stem Express procurement technician, Holly O’Donnell, alleged to the Center for Medical Progress (CMP) that Planned Parenthood would provide private patient medical information to third party contractors at fetal tissue procurement agency StemExpress in order to meet the company’s quotas for harvesting body parts from Planned Parenthood abortions.

We’d go to the head nurse, let the nurses know, hey, this is what I’m looking for today. They’d give you a sheet of the appointments, which women were coming in, and it would tell you how many patients, what time they were coming in, their name, and if they knew how far along they were.

Clearly, disclosing patient names is a violation of HIPAA.

StemExpress' Coordination with Planned Parenthood

In addition, O’Donnell also revealed that Planned Parenthood gave StemExpress access to patient medical charts and even the clinics’ computer network to download patient schedules across the entire Planned Parenthood affiliate. 

In 2016, the Washington Times reported:

The day before abortions were scheduled to take place… StemExpress was notified by fax by the clinics and granted medical files on individual patients.

Live Action News previously reported how “[David] Daleiden testified that JR Gladstone, research coordinator at Planned Parenthood Rocky Mountains, showed him patient records…. Patient files are protected by HIPAA privacy laws…. This testimony was stricken from the record by Judge William Orrick III.”

#8: PP Patients File Class Action Lawsuits for Breaches

In 2024, Planned Parenthood Los Angeles (PPLA) reached a “$6 million settlement to resolve all claims related to a 2021 data breach that exposed the personal information of more than 409,437 patients,” reported the HIPAA Journal in April.

The data breach was blamed on a ransomware attack, according to a report from the Los Angeles Times.

Shortly after receiving the notice of the breach, a class action lawsuit was filed against Planned Parenthood in the U.S. District Court of Central California.

The lawsuit alleged “violations of the Health Insurance Portability and Accountability Act (HIPAA), the California Confidentiality of Medical Information Act (CMIA), and the California Consumer Privacy Act (CCPA),” according to the HIPAA Journal.

In addition, the lawsuit claimed that “Despite discovering the Data Breach on October 17, 2021 (more than one week after the unauthorized parties first accessed PPLA’s systems), not until November 4, 2021, did PPLA determine that the stolen files included its patients’ Confidential Information. And, PPLA failed to provide notice to its patients until November 30, 2021, at the earliest—more than one month after PPLA had detected the Data Breach” (emphasis added).

While, according to HIPAA Journal, PPLA chose to settle the lawsuit with no admission of wrongdoing, the plaintiffs allege that Planned Parenthood “acted in reckless disregard of their privacy rights” and “knew or should have known that their substandard data security measures are highly offensive to a reasonable person in the same position as Plaintiffs and Class members.”

In May of 2025, HIPAAJournal.com reported another lawsuit, writing in part:

Planned Parenthood patients are taking legal action over the theft of their sensitive data from Laboratory Services Cooperative (LSC), a Seattle, WA-based diagnostic testing service provider used by Planned Parenthood centers in 30 states and the District of Columbia...in February 2025...an unauthorized third party had accessed its network and obtained files that contained sensitive patient data...

The lawsuits allege LSC was negligent by failing to implement reasonable and appropriate cybersecurity measures to protect sensitive patient data, and if those measures had been implemented, the data breach could have been prevented.

#9: Over Half a Million PP Patients Exposed by Large Breaches

Approximately 2,500 patients of a former Planned Parenthood facility in Dubuque, Iowa, were notified that medical records (from 2008 to 2014) were left behind and may have been “accessed by unauthorized parties,” following the facility’s closure.

The Office of Civil Rights (OCR) archives reveals that over 628,000 Planned Parenthood clients have been affected by large privacy breaches since 2015. This does not include individual complaints filed with the OCR.

• 2024 Planned Parenthood of Montana: 56,917

• 2021 Planned Parenthood Los Angeles: 409,759

• 2020 Planned Parenthood of Metro Washington: 142,982

• 2018 Planned Parenthood of the Heartland: 515

• 2016 Planned Parenthood of Greater Washington and North Idaho: 10,700

• 2016 Planned Parenthood of the Heartland: 2,506

• 2015 Planned Parenthood Southwest Ohio: 5,000

#10: Additional PP Privacy breaches and complaints

TAB, a records management company which worked with Planned Parenthood Federation of America for over a decade, identified “some serious problems” with records of Planned Parenthood of Illinois, which oversaw 17 branch locations. In TAB’s document, they suggested that the corporation’s records were getting lost in the mail and seen by those not employed by PP.

In addition, PP complaints have been filed against:

• PP of South Atlantic

• PP Utica New York

• PP of Northeast Ohio

•  PP in Chicago, Illinois

• PP Gulf Coast

• PPP Mission Bay

• PP Moreno Valley Center

When a privacy breach takes place, individuals can file a complaint with the federal OCR, which is responsible for enforcing the HIPAA Privacy and Security Rules.