UPDATE: HB 4093 did not pass in the General Assembly during the scheduled session. We look forward to continuing to work on this legislation.
Programs and apps that track and collect personal health information are used by millions of Americans seeking to monitor this data for a variety of reasons – from tracking one’s heart rate or menstrual cycle to cataloging caloric intake, sleep habits, and whether and where they traveled. Such applications currently track vast amounts of information with little to no consent required to collect, share, or even sell gathered data. The makers of such apps have no obligation under existing federal or Illinois law to disclose who they share data with or sell data to, and are under no obligation whatsoever to delete data in response to a user request.
Companies like Facebook, Google, and Amazon collect and sell tremendous amounts of health data (including health data derived from other data, such as someone’s routinized presence in a hospital, messages or emails that reveal health conditions, search terms, purchase history, etc.). This data is not subject to HIPAA, and thus is over-collected, over-stored, shared widely with an array of third parties, and often sold without the knowledge or consent of the individual.
HB 4093 aims to safeguard this private information by assuring that individuals have more control over their data before it is collected, stored, shared or sold to others.
HB 4093 requires entities to be more transparent with consumers about their data collection practices by publishing a health data policy that discloses the specific health data being collected and why it is collected. Entities also must say which third parties they share the information with, store it with, or sell it to, and must provide information about how individuals can ensure that their data is not shared.
The bill also requires entities to get written consent from each individual before they store, share, or sell the data to third parties.
Protecting the privacy of health data is more urgent today than ever before. In the wake of the Dobbs decision by the Supreme Court of the United States, many people are concerned about the sharing of health data with law enforcement seeking to enforce restrictive abortion laws across state lines.
The Protect Health Data Privacy Act reduces the likelihood that anyone’s private health data ends up in the wrong hands.