PRESS RELEASE: EPIC Releases New Report on Protecting Health Privacy in the Digital Age 

WASHINGTON, DC — Today the Electronic Privacy Information Center (EPIC) released Beyond HIPAA: Reimagining How Privacy Laws Apply to Health Data to Maximize Equity in the Digital Age. The report examines and proposes solutions to the health data privacy crisis—a product of unregulated digital technologies, weak privacy laws, the criminalization of many forms of health care, and growing federal attacks on marginalized communities.  

Through commercial surveillance, our health data is extracted to profile us, reveal our health conditions, manipulate our behavior, and charge us more for care. These exploitative data practices worsen our health outcomes: without privacy protections, people are pushed away from care. Privacy leads to trust; trust leads to better health outcomes and improved health equity. 

Beyond HIPAA lays out the ways Big Tech is harming our health and wellbeing. Big Tech is the architect of the commercial surveillance apparatus that extracts our health and other sensitive personal information. The profiles generatedfrom this data can make health care more difficult and expensive to access as a result of targeted advertising, surveillance pricing, and sales by data brokers to insurance providers.  

“We face a health privacy crisis where care is inaccessible due to criminalization, costs, stigma, and the rise of government intrusion into medical care which forces people to delay or retreat from care, worsening their health,” said Sara Geoghegan, EPIC Senior Counsel. “When our health data is harvested, sold, and used in harmful ways—like for targeted ads or to set our insurance rates—people’s trust in our health system breaks down even further.” 

The health privacy crisis has only deepened under the collusive alliance of Big Tech and the current administration, which has slashed Medicare, deregulated health technologies, obliterated internal privacy safeguards, sent ICE agents to hospitals, and pushed people towards short term insurance plans which don’t offer the same protections as traditional plans. These actions show why privacy protections for health-related information, which largely falls outside of HIPAA coverage, are so crucial. Today our health information is even more valuable and vulnerable to insurers, advertisers, and tech companies. And as Beyond HIPAA sets out, the health privacy crisis disproportionately affects marginalized communities that already face criminalization and stigma or that have fewer resources to remedy the harms that commercial surveillance causes.  

Beyond HIPAA covers numerous aspects of the health privacy crisis: the direct, negative health outcomes this crisis causes; the commercial surveillance ecosystem in which thousands of data points are processed to reveal and profit from our health conditions; the rampant breaches of health data that erode trust in health services; the lack of regulation for AI tools used in health contexts, including the apps, chatbots, and websites many consumers consult for medical advice; and the unique harms that unregulated technologies pose to the health and wellbeing of minors. Beyond HIPAA proses a robust data minimization standard as the foremost solution to build a more privacy-protective and healthier future. 

“We cannot trust tech billionaires that peddle their unregulated technologies, profile us based on our health conditions, and use the federal government to demand more data about us to help us access quality health care,” said Sara Geoghegan, EPIC Senior Counsel. “We can build a safer, freer, more privacy-protective future in which the wellbeing of all people is prioritized over the interests of a few powerful companies.” 

EPIC will host Beyond HIPAA: Reimagining How Privacy Laws Apply to Health Data to Maximize Equity in the Digital Age on Wednesday, January 21 at 2 p.m. EST. Panelists will discuss how a lack of privacy protections for health data leads to worse health outcomes and inequities. 

Read the report here.

About EPIC 
The Electronic Privacy Information Center (EPIC) was established in 1994 to protect privacy, freedom of expression, and democratic values in the information age. Our mission is to secure the fundamental right to privacy in the digital age for all people through advocacy, research, and litigation.