Cassidy, Rosen Bill Fixes Gap in Health Data Privacy Protections

November 28, 2019
MHE Staff

Proposed legislation prevents tech data harvesters from collecting information from smart device users.

U.S. Senators Bill Cassidy, MD (R-Louisiana) and Jacky Rosen (D-Nevada) have introduced legislation to prevent data mining of Americans’ personal health data stored on wearable personal devices, such as smartwatches.

The bill comes amid renewed concerns about Google’s plans to buy Fitbit, in light of recent reports that Google has partnered with Ascension to secretly harvest the nonanonymized private health data of millions of Americans. The actions of Google and Ascension raise questions about how Google and other companies would use data collected from smart device users.

The Health Insurance Portability and Accountability Act (HIPAA) protects all interactions between patients and their doctors. HIPAA does not protect health data recorded on personal devices.

The Stop Marketing And Revealing the Wearables And Trackers Consumer Health Data Act (Smartwatch Data Act) defines what data is protected under the law. The bill would prevent entities that collect consumer health information from transferring, selling, sharing, or allowing access to consumer health information or any individually identifiable consumer health information collected on personal health trackers. Violations of the new act would be enforced by HHS in the same manner the department enforces HIPAA.

“The Google/Ascension news has brought needed scrutiny to the security of Americans’ health data,” Cassidy says. “The Smartwatch Act prevents big tech data harvesters from collecting intimate private data without patients’ consent. Americans should always know their health information is secure.” 

“The introduction of technology to our healthcare system in the form of apps and wearable health devices has brought up a number of important questions regarding data collection and privacy,” Rosen says. “This commonsense, bipartisan legislation will extend existing healthcare privacy protections to personal health data collected by apps and wearables, preventing this data from being sold or used commercially without the consumer’s consent.”