• July 23, 2021

The California Bill Would Protect Our Medical Data From Big Tech

There is a race between the tech industry and legislators for your medical privacy.

Big tech is moving as fast as they can to integrate their increasingly intrusive devices into people’s homes before lawmakers can muster the political will to implement much-needed consumer protections.

The latest example of such an intrusion, as I reported last week, is that Amazon receives federal approval to equip its Alexa devices with radar sensors capable of “capturing motion in three-dimensional space.”

The idea, according to the company, is monitoring your sleep “with a higher degree of resolution and location accuracy than would otherwise be possible” using a wearable device such as an Apple Watch or Fitbit.

Andrew Guthrie Ferguson, a law professor at American University who focuses on privacy issues, told me that this unprecedented level of surveillance in the bedroom is “as creepy as Silicon Valley.”

It’s also exactly what California Assemblyman Ed Chau (D-Arcadia) hopes to control with a bill that is now making its way through the state Senate.

Its legislation, AB 1436, would amend California’s Medical Information Confidentiality Act to require that any company that collects and receives health-related data receive written permission from customers.

“These tech companies are looking for all kinds of personal medical information: your heart rate, your blood pressure, your sleeping habits,” Chau told me. “As it stands, they are circumventing medical privacy laws.”

This is because existing laws apply to “healthcare providers”, which are not companies like Amazon, Apple and Google, even though they are among the companies most eager to hold onto and make use of your medical data. .

Chau, who has been trying to pass variations of AB 1436 for years, originally wrote the latest version of his bill to explicitly designate any company that collects medical information as a healthcare provider.

This simple change would instantly bring all of these companies under existing state and federal medical privacy rules.

Chau told me that he had to abandon that provision amid strong pushback from the tech industry and his friends in Sacramento.

Now, the legislation is focused on requiring explicit acceptance for any collection and transmission of medical information.

While that’s a more modest goal, Chau acknowledged: “I think the net effect is the same. These companies would need your permission. “

He said his bill, if passed, would “put guardrails around these technologies.”

That would be good.

Technologies that intrude on your wellbeing have become so ubiquitous that there is a name for the industry: mHealth, as in “mobile health.”

The World Health Organization defines mHealth as the “use of mobile and wireless technologies to support the achievement of health goals.” The National Institutes of Health says it is “the use of mobile and wireless devices … to improve health outcomes, health care services and health research.”

Grand View Research predicts the market for these technologies will be worth nearly $ 150 billion by 2028.

However, there is very little regulatory oversight over how these software and hardware companies operate, or what they do with people’s medical information.

Will they use it to sell products to people? Will they share the data with insurers, employers, or companies that run background checks? Will this treasure trove of health information be stored in anticipation of future technological advances?

Medical technology is the most obvious example of how Silicon Valley’s relentless commitment to innovation far exceeds the laws and regulatory structure of the nation.

Amazon, for example, was once simply a bookstore. The company’s wide range of offerings now includes an online pharmacy, over-the-counter drugs and supplements, and, with its radar upgrade to Alexa, a device that will watch you all night while you sleep and share that stream of data with Amazon. .

Last week I asked the company some details about how the radar technology will work and what Amazon will do with the information. Nobody answered.

I asked again this week and also asked for some comment on Chau’s medical data bill. Nobody answered.

Chau, on the other hand, said he read my column on radar technology and found the idea “creepy”.

“The technology industry continues to create technologies that are increasingly intrusive to consumers,” he said.

Bye invoice It says that any company that offers “a personal health record system” to consumers “will not knowingly use, disclose or allow the use or disclosure of personal health record information without a signed authorization.”

“The bill would also prohibit the recipient of personal health record information … from further disclosing health record information unless pursuant to a new authorization,” he says, making it clear that his medical information is not it can be shared with others in the future without you saying so.

Chau said it has been an uphill battle to move this bill through the Legislature amid intense lobbying by the tech industry to remove it.

“Big Tech is in opposition, big time,” he said.

That is to put it mildly. The California Chamber of Commerce, speaking on behalf of a dozen major tech organizations, says Chau’s bill is “too broad” and would “dramatically expand” the types of businesses and products subject to the company’s medical privacy law. condition.

This, in turn, would have the effect of “significantly altering the market, availability, and cost of everyday health products for Californians.” says the camera.

For the Apples and Amazons of this world, that’s not ideal. For the rest of us, well, a little interruption is precisely what is needed.

Chau also suspects that there is a broader purpose among AB 1436’s opponents.

He noted that if California passes a law that holds technology companies responsible for people’s medical data, this could lead Congress to similarly amend the main federal medical privacy law, the Health Insurance Portability and Responsibility Law.

The federal law, known as HIPAA, is woefully out of date. Amazon was still a newly created bookseller when the law was enacted in 1996. Apple was on the ropes, its sales plummeting. Google would not appear for two years.

Now each of these companies has microphones and cameras in millions of homes, and each has made it clear that medical technology is a large part of their respective futures.

Chau is not a Luddite. Accept the importance of medical technology. He just wants to make sure consumers are protected as these powerful privately controlled capabilities reshape society.

“Technologies like this are valuable,” said Chau. “But when you collect and transmit information like this, you need to give people a voice.”

It is not too much to ask. Our legislators should ignore Big Tech lobbyists and pass AB 1436.

Leave a Reply

Your email address will not be published. Required fields are marked *