Three U.S. senators recently introduced legislation that would ban the use of health data for advertising and marketing purposes. Senators Amy Klobuchar (D-Minnesota), Elizabeth Warren (D-Massachusetts) and Mazie Hirono (D-Hawaii) proposed the bill, which is titled the Upholding Protections for Health and Online Location Data (UPHOLD) Privacy Act.

The proposed legislation comes amid media reports describing how data brokers are selling information that could be used to identify women who sought abortions and other reproductive health care services to social media companies. It also comes as hospitals and digital health startups nationwide are being accused of collecting patients’ online data and sharing it with tech giants such as Facebook and Google.

If passed, the UPHOLD Privacy Act would prohibit organizations from using personally identifiable health data collected from any source — including healthcare providers, wearable fitness trackers and web browsing histories — for commercial advertising. This ban would not apply to public health campaigns, such as those encouraging Covid-19 vaccinations or promoting testing for sexually transmitted infections.

The Act would also require additional disclosure restrictions on companies’ use of health data without user consent, as well as prohibit the sale of precise location data to and by data brokers.

“For too long companies have profited off of Americans’ online data while consumers have been left in the dark, which is especially concerning in light of reports that some social media companies collect data related to reproductive healthcare,” Klobuchar said in a statement. “By stopping the use of personal health information for commercial advertising and banning the sale of location data, this legislation will put new protections in place to safeguard Americans’ privacy while giving consumers greater say over how their sensitive health data is shared online.” 

This is not the first time Klobuchar has cracked down on healthcare data sharing this year. Last month, she and three other senators wrote letters to telehealth companies Cerebral, Monument and Workit Health calling on them to do a better job of protecting their patients’ health data. The letters expressed concern over media reports showing the companies had been sharing their users’ health data with social media platforms for advertising.

Federal departments and agencies are also increasing their efforts to protect healthcare data from misuse. 

The Department of Justice and the Federal Trade Commission recently accused consumer-focused digital healthcare platform GoodRx of failing to notify users that it sold their personal health information to Google, Facebook and other tech companies. In the complaint, the FTC claimed that GoodRx violated the FTC Act and failed to honor its privacy policies.

To settle the case, GoodRx agreed to pay a $1.5 million penalty for failing to report its leakage of user data to third parties, but did not admit to wrongdoing. The settlement—which must be approved by the federal court before it goes into effect— bans GoodRx from sharing user data with advertisers and requires the company to direct third parties to delete the user data it shared with them. 

Photo: eichinger julien, Getty Images