Getty Images/iStockphoto

Senators Introduce UPHOLD Privacy Act to Prevent Use of Health Data For Advertising

If passed, the UPHOLD Privacy Act would prohibit companies from using personal health data for commercial advertising purposes and would prevent the sale of precise location data to and by data brokers.

US Senators Amy Klobuchar (D-MN), Elizabeth Warren (D-MA), and Mazie Hirono (D-HI) introduced the Upholding Protections for Health and Online Location Data (UPHOLD) Privacy Act, aimed at preventing the use of health data for advertising purposes.

If passed, the UPHOLD Privacy Act would prohibit the use of “personally identifiable health data collected from any source, including data from users, medical centers, wearable fitness trackers, and web browsing histories” from being used for commercial advertising.

In addition, the Act would restrict the sale of precise location data to and by data brokers, and place additional disclosure restrictions on companies’ use of health data without user consent.

“For too long companies have profited off of Americans’ online data while consumers have been left in the dark, which is especially concerning in light of reports that some social media companies collect data related to reproductive health care,” Klobuchar said. 

“By stopping the use of personal health information for commercial advertising and banning the sale of location data, this legislation will put new protections in place to safeguard Americans’ privacy while giving consumers greater say over how their sensitive health data is shared online.” 

The UPHOLD Privacy Act is the latest in a string of actions by lawmakers aimed at protecting health data from misuse. For example, the Department of Justice (DOJ) and the Federal Trade Commission (FTC) recently finalized a settlement with telemedicine and prescription drug discount provider GoodRx over alleged violations of the Health Breach Notification Rule and the FTC Act.

The FTC alleged that GoodRx had “violated the FTC Act by sharing sensitive personal health information for years with advertising companies and platforms—contrary to its privacy promises—and failed to report these unauthorized disclosures.”

GoodRx denied the allegations but agreed to the settlement to avoid the expense and time of protracted litigation.

In other news, the FTC recently sent a letter to Amazon following its acquisition of One Medical, reminding it of its obligations to protect sensitive health information.

“The statements in One Medical’s privacy policies, combined with the recent public statements by both companies about privacy, constitute promises to consumers about the collection and use of their data by the post-acquisition entity,” the letter pointed out.

“Companies that fail to abide by the commitments and representations they have made to consumers can violate Section 5 of the FTC Act.”

The recent FTC settlements and warnings along with legislation like the UPHOLD Privacy Act have sent a clear message to companies that handle sensitive data – companies that use health data for advertising purposes without consent will be held accountable.

Dig Deeper on Health data access & privacy