State lawmakers passed a bill this week to protect patients’ digital health information from online trackers, hoping to provide additional cover to women seeking abortions in New York post-Roe v. Wade.
The bill, known as the New York Health Information Privacy Act, would require apps and websites designed to store health information or provide diagnoses to get affirmative consent from patients before keeping or selling much of their data. The legislation, which passed both chambers of the state Legislature this week, is an attempt to account for what its sponsors say are holes in federal medical privacy protections that have put patient data at risk of sale to the highest bidder.
Critics of the legislation argue it could impose significant operational hurdles for digital health platforms and hurt the bottom lines of the companies that own them, which they say could affect patients’ access to online products. But in a memo accompanying the bill, the sponsors, Manhattan Democrats Sen. Liz Krueger and Assemblywoman Linda Rosenthal, wrote that it is necessary to protect health privacy, including women whose pregnancy information could be sold to anti-abortion activists.
The bill will next go to Gov. Kathy Hochul’s desk for her signature or veto. Hochul signed a similar law last year that required websites to get a caregiver’s consent before collecting and selling information about their children.
Under the legislation, companies would be banned in most cases from collecting, using or selling patient data without written consent, including the type of meta-data gathered using cookies and other digital trackers that could be linked to an individual’s device or household. That data can reveal a lot about a person and their health care status, Krueger and Rosenthal wrote.
“Residents are generally unaware that their technology is constantly tracking their movements, and geolocation data is being sold to companies for the purposes of targeted advertisements or tracking,” the memo states.
The state attorney general would be authorized to issue fines of up to $50,000 per violation or 20% of the annual revenue garnered from consumers in New York, in addition to other penalties.
