Lack of Clarity in Trump's Big Tech Health Data Plan Worries Consumer Advocates
Though the White House’s plans to collaborate with tech companies in building a health data-sharing system could ultimately result in a beneficial network, its current lack of clarity and transparency about data protections is concerning, consumer advocates said.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
Announced last week, the administration has announced partnerships with more than 60 companies, including Apple, Google, Samsung, Amazon, OpenAI, Anthropic, Oracle and Athenahealth, where individuals can submit their health data to a system run by private tech firms, in order for them to be able to make predictions and informed choices when it comes to their health and medical care (see 2507310067).
For example, Center for Democracy & Technology (CDT) Senior Counsel Andrew Crawford agreed with some of the plan's goals. Improving “the interoperability of health records ... [and] communication between patients and their doctors [and] between their providers,” are worthy initiatives, he said. He noted, however, in theory, that’s what the Health Insurance Portability and Accountability Act (HIPAA) does.
If elements of the White House plan "can further reduce patient burdens and create better" care … I don't know who would argue against that?”
Where Crawford is cautious is that "in addition to streamlining a lot of the HIPAA elements, [the plan] also has components where private entities, like commercial companies, are involved in the collection of health data.”
That data, Crawford said, could be exactly what your doctor has, but since it's from wearables or fitness trackers or other devices, HIPAA doesn't protect it. Instead, any privacy protections for that data will be outlined in the private entity’s privacy policy and terms of service, which can be hard for consumers to understand, if they read them at all.
Such privacy policies are often “written [in] very dense legal parlance that is not as digestible as I think it should be,” and consumers “need to really be proactive in taking the time to see ‘How is this company that I'm going to be sharing very sensitive data with going to handle my data?’” and if they’re comfortable with that.
Hayley Tsukayama, associate director of legislative activism at the Electronic Frontier Foundation (EFF), said that "when both the government and private tech firms can access this information, it can blur the lines for consumers about what protections they have under law.”
“There are many unanswered questions” in the Trump plan, she added in an email to us. "For example, what information will be considered protected under [HIPAA]?" Some of the companies named in the plan announcement lack divisions that deal with health data, she noted.
Similarly, Crawford said he'd "love to see more clarity around the public-facing companies involved in the program and the data practices that are going to be associated" with them. Encouraging consumers to share health information with these companies will require "clarity around the privacy practices that are going to be associated with that sharing.”
“The status quo is not ideal" for consumers and patients "in that space ... because it's on [them] to do that work to figure out” what happens with our health data, Crawford added. “There's all these outstanding questions and potential harms that exist in our current system, and I fear that those are just going to continue ... unless there's more clarity ... [and] impetus to implement meaningful privacy protections for health data, especially health data outside of HIPAA.”
Tsukayama said that “it’s hard to say what people should do" now to safeguard their information, "as many details about this proposal are still largely a mystery,” but “as a general rule, individuals should think about what makes sense for their own health outcomes.”
For instance, “There may be cases when it’s helpful, for example, to have regular or automated data-sharing with a physician for chronic conditions that require careful monitoring,” she added. “If they have the information they need to make those decisions, people can weigh the pros and cons for themselves," without being "afraid to ask for alternatives, or to turn down participation in programs that make [them] uncomfortable."
The White House press release announcing the plan said that the health-sharing would be voluntary, and President Donald Trump reiterated that it would be an opt-in system during a press conference (see 2507310067).
But for those who choose to opt-in, Crawford said, “another concern is … how the government would potentially access and/or use the health information collected,” as “there's a lot of unanswered questions there too.” For example, he said, will the government have access to the information shared? If so, what components? What are those components using the data for?
For Tsukayama, apps that result from this partnership "should be clear about how they collect and use data, and why.” The non-HIPPA entities “should respect the confidentiality of medical treatment,” and “any information they collect shouldn’t be used for other purposes without a patient’s consent.”
She's particularly concerned about consumers submitting medical information to get healthcare. That private data shouldn't "end up in the hands of law enforcement, with a data broker who struck a deal with one of the private firms." It shouldn't be used in an AI training model either, she added. “Any programs must also give people control over how their information will be used. Crucially, if people don’t want to participate in these programs, they shouldn’t have to. They should be able to say 'no' without worry[ing] that doing so will lower their ability to receive quality healthcare.”