🩺 It's 10 pm, Do You Know Where Your Personal Data Is?
As of right now, if you willingly give your medical data to a non-medical company (let’s just say, oh, I don't know, Google), HIPAA does not govern what's done with that data. And what is done with that data is part of a $200 billion data reselling industry. However, a new bill introduced by Sen. Elizabeth Warren, dubbed the Health and Location Data Protection Act, would ban companies from selling the medical and location data of Americans.
The bill would ban the reselling and/or transferring of data relating to both the health and location of American users, but leave room for HIPAA-compliant exceptions.
According to The Hustle, as far back as 2013, senators heard testimony from privacy experts stating that data brokers sell “lists of people suffering from mental health diseases, cancer, HIV/AIDS, and hundreds of other illnesses … sell lists of people who are late on payments, often to those who make predatory offers to those in financial trouble ... sell lists of people who are impulse buyers.”
The bill would fund the FTC with $1 billion to enforce the new law, and allow people to sue if the law is violated.
Post-Roe Protections
As Vice recently noted, you can track someone who went to Planned Parenthood or other reproductive health/abortion providers for just $160. “It's bonkers dangerous to have abortion clinics and then let someone buy the census tracks where people are coming from to visit that abortion clinic [sic],” cybersecurity expert Zach Edwards told Vice. “This is how you dox someone traveling across state lines for abortions — how you dox clinics providing this service.”
The Verdict
Edwards is right: it is bonkers how easy and terrifying it is to buy individual data and track someone. Hopefully, Senator Warren's bill makes its way through to law with bipartisan support and we can begin reining in data reselling.