US Democrat Bill Seeks to Enforce Privacy and Security Rights for Health Information

As organizations deploy new tools to fight the spread of COVID-19 – including contact tracing apps, digital monitoring, home tests and vaccine appointment booking – US Democrats have introduced a bill seeking to set strong and enforceable privacy and data security rights for health information.

Patient data fetches a handsome dollar on the dark web, and data breaches abound. Malicious actors use stolen health data to conduct fraud.

Decades of data misuse, breaches and privacy intrusions have left Americans reluctant to trust tech firms with their sensitive health information, according to a press release from Washington DC.

The recent surge in cyber-intrusions leveraging COVID-19 has prompted Democrat senators to propose the bicameral Public Health Emergency Privacy Act. The bill would protect Americans who use this kind of technology during the pandemic and safeguard civil liberties, according to the announcement.

Representatives Anna G. Eshoo (D-CA), Jan Schakowsky (D-IL), and Suzan DelBene (D-WA) introduced the Public Health Emergency Privacy Act in a bid to strengthen public trust and empower health authorities and medical experts to leverage new health data and apps to fight COVID-19.

Bearing strong similarities with the 2018 General Data Protection Regulation issued in the European Union, the new Public Health Emergency Privacy Act would:

• Ensure that data collected for public health is strictly limited for use in public health
• Explicitly prohibit the use of health data for discriminatory, unrelated, or intrusive purposes, including commercial advertising, e-commerce, or efforts to gate access to employment, finance, insurance, housing, or education opportunities
• Prevent misuse of health data by government agencies with no role in public health
• Require meaningful data security and data integrity protections – including data minimization and accuracy – and mandate deletion by tech firms after the public health emergency
• Protect voting rights by prohibiting conditioning the right to vote based on a medical condition or use of contact tracing apps
• Require regular reports on the impact of digital collection tools on civil rights
• Give the public control over their participation in these efforts by mandating meaningful transparency and requiring opt-in consent
• Provide for robust private and public enforcement, with rulemaking from an expert agency while recognizing the continuing role of states in legislation and enforcement

“Our health privacy laws have not kept pace with what Americans have come to expect for their sensitive health data,” said Mark R. Warner, US Senator from the Commonwealth of Virginia.

“Strong privacy protections for COVID health data will only be more vital as we move forward with vaccination efforts and companies begin experimenting with things like “immunity passports” to gate access to facilities and services,” Warner said. “Absent a clear commitment from policymakers to improving our health privacy laws, as this important legislation seeks to accomplish, I fear that creeping privacy violations and discriminatory uses of health data could become the new status quo in health care and public health.”

The bill is endorsed by Access Now, Electronic Privacy and Information Center (EPIC), the Center for Digital Democracy, Color of Change, Common Sense Media, New America”s Open Technology Institute, and Public Knowledge.