Collection, use of consumer data puts sensitive health information at risk, groups say

The information that consumers share online, including sensitive health data, is being collected, shared with third parties and sold, often without consumers’ awareness.

That is putting consumers’ privacy at risk, according to many federal lawmakers and civil rights groups at a hearing on Capitol Hill this week.

In some cases, the data use results in discrimination, differential pricing, and even physical harm, said Representative Frank Pallone, Jr., D-N.J., chairman of the House Energy and Commerce Committee, during a consumer protection and commerce subcommittee hearing Tuesday.

The topic of consumer data privacy is heating up, both on and off the Hill. Facebook has recently come under fire for its privacy policies after a complaint filed with the Federal Trade Commission accused the social media company of exposing users’ sensitive health data. An investigation by The Wall Street Journal published last week also revealed that apps tracking sensitive information are sending that data back to Facebook, unbeknownst to the people using those apps.

Facebook is not the only company coming under scrutiny, and momentum is building for federal privacy legislation. However, whether federal legislation should override state laws is a key area of debate between Democrats and Republicans.

While health records are covered by HIPAA laws, health IT organizations like the American Medical Informatics Association (AMIA) have called attention to the blurring lines between consumer and medical information systems. In comments (PDF) to the Trump administration last fall, AMIA urged the administration to consider developing an ethical framework around the collection, use, storage, and disclosure of the personal information consumers provide to organizations.

“Low-income consumers may get charged more for products online because they live far away from competitive retailers. Health insurance companies could charge higher rates based on your food purchases or information from your fitness tracker. These are simply unacceptable uses of people’s data,” Pallone said.

RELATED: Complaint to FTC accuses Facebook of exposing sensitive health data in groups

While acknowledging there are legitimate and beneficial reasons for companies to use personal information, Rep. Jan Schakowsky, D-Ill., chair of the consumer protection and commerce subcommittee, said there should be limits on the collection of consumers’ data and on the use or sharing of their personal information.

“Privacy is the currency you pay to engage in the digital ecosystem. Consumers should not have to make that choice,” Brandi Collins-Dexter, senior campaign director at Color of Change, an online civil rights organization, testified.

Whether intentional or unintentional, the tracking of users across the web and what happens to that data disproportionately impacts communities of color, according to Collins-Dexter. Sensitive information and changes in daily habits are tracked and sold to third-party data mining companies and marketers, she testified.

“Visits to a doctor’s website or to a prescription refill page could allow the internet service provider, platform, or a data broker partner to infer someone in the household has a specific medical condition. That information could be sold without consent to pharmaceutical and healthcare companies or even potential employers without the consent or authorization of the user,” Collins-Dexter said.

RELATED: Health IT Roundup—Apps share sensitive health data with Facebook; Stanford issues ethical guidelines for digital health

Consumers are aware that their data is collected and used by companies to enhance online experiences, testified David Grimaldi, executive vice president for public policy at the Interactive Advertising Bureau (IAB), which represents media and technology companies that account for 86% of online advertising in the U.S. Data-driven advertising supports and subsidizes content and services on the Internet, at little to no cost to consumers, he testified.

There is a need for a new, federal paradigm on consumer privacy, he said, that sets clear rules that describe what data practices are permitted and prohibited. The alternative is a “patchwork of ambiguous and inconsistent state laws that will create uncertainty for businesses and uneven protections for consumers," he said.