Health apps, wearable devices like Fitbits and genetic testing kits would be subject to new privacy regulations, under a bill proposed Friday by Sens. Amy Klobuchar (D-Minn.) and Lisa Murkowski (R-Alaska).
The proposed Protecting Personal Health Data Act would task the secretary of Health and Human Services with crafting regulations to boost the privacy of health data.
The federal Health Insurance Portability and Accountability Act of 1996 already requires health care providers, including doctors and hospitals, to protect consumers' privacy. But the senators suggest that HIPAA -- which predates social media, apps and devices like Fitbits -- hasn't kept up with technology.
The lawmakers point to recent reports about data sharing by health apps, including a Washington Postarticle stating that the pregnancy tracking app Ovia sold data to employers.
Ovia reportedly said it complies with HIPAA, and that it anonymizes and aggregates the data before sharing it with employers. But privacy experts told the Post that people could be re-identified if Ovia data was cross-referenced with other information.
The journal JAMA Network Open also recently reported that many health apps transmitted data to Facebook or Google, without making disclosures to consumers.
“New technologies have made it easier for people to monitor their own health, but health tracking apps and home DNA testing kits have also given companies access to personal, private data with limited oversight,” stated Klobuchar, who is seeking the Democratic nomination for president. “This legislation will protect consumers’ personal health data by requiring that regulations be issued by the federal agencies that have the expertise to keep up with advances in technology.”