Senator Proposes Health Data Privacy Bill Requiring Explicit Consent
Sen. Catherine Cortez Masto, D-Nevada, recently unveiled data privacy legislation that would require companies not covered by HIPAA to get explicit consent from patients before gathering and sharing health and genetic data.
Cortez Masto joins several other Congressional members to propose data privacy legislation in recent months. Sen. Marco Rubio, R-Florida, recently released his take, the American Data Dissemination Act of 2019, which would supersede the patchwork of state laws.
The bills come on the heels of intense data privacy scrutiny from Congress. Both the House and Senate held separate data privacy committee meetings in February, which centered around the risk posed by companies gathering and collecting data, including health information, without explicit consent.
“This bill requires companies put data protection and transparency first, while also requiring Congress and our government agencies step up to make the private data of consumers in Nevada, and across the country, a priority for protection,” Cortez Masto said in a statement.
To accomplish this, the legislation would require companies to provider individuals with reasonable access to a method that would allow them to opt in or out of data collection and sharing. The bill covers the collecting and storing of sensitive data, such as biometrics, genetics, or location data.
The consent form must outline how that data will be used. And the bill will also let consumers request, dispute the accuracy of their records, and transfer or delete their data “without retribution” around price or services offered.
Much of the bill’s language reflects the increasing focus on privacy in the Congressional space, especially in light of Facebook’s data collection processes. A recent complaint to the Federal Trade Commission blasted the social media platform for allegedly exposing users’ health data in purportedly private groups. In response to these reports, New York is investigating Facebook’s health data practices.
For more information on HIPAA compliance, contact the compliance experts at HIPAAcraticRx.