Data Brokers and Mental Health Information – Lack of Protections and Regulations 

March, 2023 - Shane P. Riley

As consumer data collection continues to rise in the United States and around the world, aggregated health data is becoming a more common product bought and sold by data brokers. While worrying on its own, even more concerning is the growth in individually identifiable data being sold by private companies, which could range from the number of occurrences of a certain condition in a given zip code to the names, addresses, and incomes of individuals with the same condition.
Currently, the federal government does not provide comprehensive consumer data protections that would bar this behavior. HIPAA, the Health Insurance Portability and Accountability Act, governs how and when health care providers and servicers may share patient health data, but this does not extend to tech companies collecting data under terms and conditions accepted by the consumer that often grant the company broad discretion in how their data may be shared and used.
The result overall is a patchy and unregulated system in which consumers often do not realize that their data is being collected at all, let alone aggregated and sold for a profit. Some states, notably California and Vermont, have made some headway in cracking down on the practice by requiring data brokers to register with the state, but this alone will not stop data sales. The recent Supreme Court decision in Dobbs could be raising much more awareness of the real-world consequences of rampant data collection. Legislators are working on limiting the ability to share reproductive health data so that it cannot be misused. While this is a promising advancement, it is still a small piece of the puzzle when it comes to protecting consumer data.




WSG Member: Please login to add your comment.