U.S. Senator Amy Klobuchar (D-MN) and Senator Lisa Murkowski (R-AK) introduced new legislation today to protect consumers’ private health data. While recent reports have highlighted how home DNA testing kits and health data tracking apps have given companies access to unprecedented levels of consumer health data, current law does not adequately address the emerging privacy concerns presented by these new technologies. The Protecting Personal Health Data Act addresses these health privacy concerns by requiring the Secretary of Health and Human Services to promulgate regulations for new health technologies such as health apps, wearable devices like Fitbits, and direct-to-consumer genetic testing kits that are not regulated by existing laws.
“New technologies have made it easier for people to monitor their own health, but health tracking apps and home DNA testing kits have also given companies access to personal, private data with limited oversight,” Klobuchar said. “This legislation will protect consumers’ personal health data by requiring that regulations be issued by the federal agencies that have the expertise to keep up with advances in technology.”
“I continue to hear from Alaskans about privacy concerns when it comes to individual data. Protection of personal information, and health information in particular, is an important issue to me and to the people in our state. That’s why I have pushed for data privacy protections for all consumers, and am proud to cosponsor this bipartisan legislation addressing health data privacy and security. Information about an individual’s health is incredibly personal and keeping this information private and secure must be a priority,” Murkowski said. “This legislation takes important steps to ensure guidelines are created for security and privacy protections of modern health information. Our policies must evolve to keep up with advancements in recent technology. By enacting important modern protections for consumers’ personal health data, our bill puts the privacy of American consumers first.”
The Washington Post recently reported that a pregnancy tracking app has been selling user data to employers, and another report revealed that health apps for users battling depression or trying to quit smoking are selling personal details they collect to third parties, like Google or Facebook, without user consent. A subsequent poll showed that users of these apps cared about privacy, but they also thought the digital trackers were too valuable to give up. Current laws such as the Health Insurance Portability and Accountability Act of 1996 were enacted by Congress when many of the wearable devices, apps, social media sites, and DNA testing companies collecting and sharing health data today did not exist. As science continues to drive technological innovation, we must not sacrifice privacy.
The Protecting Personal Health Data Act would:
- Require the promulgation of regulations to help strengthen privacy and security protections for consumers’ personal health data.
- Ensure that these regulations take into account:
- Appropriate standards for consent that account for differences in sensitivity between genetic data, biometric data, and general personal health data, and that complement existing regulations and guidance; and
- The ability of consumers to navigate their heath data privacy options, and to access, amend, and delete a copy of the personal health data that companies collect or use.
- Create a National Task Force on Health Data Protection that would evaluate and provide input to address cybersecurity risks and privacy concerns associated with consumer products that handle personal health data, and the development of security standards for consumer devices, services, applications, and software. The Task Force would also study the long-term effectiveness of de-identification methodologies for genetic and biometric data, and advise on the creation of resources to educate consumers about direct-to-consumer genetic testing.
The bill is endorsed by Consumer Reports.