Sen. Bill Cassidy (R-La.) introduced a bill this month to protect people’s privacy and consent when they use wearables that track health data.

Cassidy’s bill, the Health Information Privacy Reform Act, would require wearable developers to explicitly notify users that HIPAA’s privacy rules won’t protect their data and offer opt-out features for users who don’t want their data shared.

The bill also calls on U.S. Health Secretary Robert F. Kennedy Jr. to direct the National Academies of Sciences, Engineering and Medicine to study the ethics and implications of paying people to share their health data for research purposes.

According to Cassidy, wearables like smartwatches or Fitbits can be “helpful tools” for managing a patient’s health. However, they also create “privacy concerns that didn’t exist when it was just a patient and a doctor in an exam room.”

“Let’s make sure that Americans’ data is secured and only collected and used with their consent,” he said in a statement.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) governs traditional provider-patient interactions. “However, HIPAA is failing to keep up with consumer health products that connect individuals to health tools outside of the doctor’s office,” Cassidy’s press release stated.

Ted Claypoole, legal expert and cyberspace law committee chair of the American Bar Association, who reviewed Cassidy’s bill, told The Defender it addressed “some of the obvious holes” in current HIPAA coverage.

However, Claypoole said the legislation “does not seem to address the other major privacy concern of location tracking.” He said he would like to see federal legislation that limits companies’ ability to track and share people’s locations.

State bills target ‘neural data’ concerns

Cassidy’s bill is part of a trend among federal and state lawmakers to address privacy and consent concerns arising from wearables.

In April, several Democratic senators asked the Federal Trade Commission to protect consumers’ neural data from being exploited or sold. Neural data can reveal a person’s mental health conditions, emotional states and cognitive patterns.

Wearables that track neural data via EEG (electroencephalogram) waves that detect electrical activity in the brain are already on the market. For instance, Neurable sells a noise-cancelling headset with EEG sensors for $499 that the company says boosts focus and lowers stress.

Emotiv’s Bluetooth-enabled ear buds, priced at $399, also use EEG sensors to measure brainwaves.

Massachusetts is among several states that have introduced legislation seeking to protect people’s neural data. And lawmakers in Illinois are considering a bill that would update the state’s Biometric Information Privacy Act to require written consent from wearables users before companies collect their neural data.

In Minnesota, lawmakers are considering a bill that would require companies and governmental agencies to obtain informed consent before collecting neural data.

State Sen. Eric Lucero, the bill’s primary author, told The Defender he’s concerned that private sector companies, government agencies, and individual threat actors pose a risk to manipulating people’s neural data without their consent.

Lucero, a technologist who worked in cybersecurity for over 20 years before taking office, said he first proposed a version of the bill in 2020, several years after Google Glass first came out. Google’s product used eye movements, rather than a mouse and keyboard, to connect a person to a computer.

That’s when Lucero realized that the human-computer interface was evolving and computers would likely soon be able to directly connect to people’s brains — as Elon Musk has done with his Neuralink brain implant.

As of Sept. 10, a dozen people have been implanted with Neuralink, according to PC Mag.

“If the technology exists to read brainwaves, it’s a hop, skip, and a jump to be able to have the technology to write brainwaves,” Lucero said. In other words, it may soon be possible for someone to manipulate a person’s brainwaves.

Lucero pointed out that several movies in recent years, including “Inception” and “Johnny Mnemonic,” depicted characters who had thoughts implanted by people outside of them.

Five years ago, Lucero’s bill didn’t get much traction, but now that’s changing. This year, state Sen. Erin K. Maye Quade, a member of the Democratic-Farmer-Labor Party, joined him in co-sponsoring the legislation.

If passed, the bill would make it illegal for a person, company or agency to read or implant thoughts or brainwaves into a person’s mind without their consent.

Lucero added:

“I have no problem if people want to share their data with technology companies or any other relationship that’s outside of the patient-doctor relationship, that’s fine. It just needs to be done with affirmative consent — not a passive or an implied consent.

“And not a default position of it is assumed you’re opted in unless you expressly opt out. It needs to be that you are opted out as the default position unless you affirmatively opt in.”

In 2021, Chile became the first country in the world to amend its constitution to protect people’s neurodata and mental privacy.

Wearables a contentious issue among health freedom advocates

Both wearables and implants that track biometrics not only pose privacy and consent concerns but also may increase the user’s exposure to wireless radiation, according to Miriam Eckenfels, director of Children’s Health Defense’s (CHD) Electromagnetic Radiation (EMR) & Wireless Program.

She noted that Kennedy caused an uproar among supporters when he said during his June congressional testimony:

“We’re about to launch one of the biggest advertising campaigns in HHS [U.S. Department of Health & Human Services] history to encourage Americans to use wearables … my vision is that every American is wearing a wearable within four years.”

“We do not share this vision,” Eckenfels said. “Quite the contrary, we oppose governmental pressure to incentivize the widespread use of wearables. They pose serious health risks, especially to children, and they threaten privacy.”

Kennedy later clarified in a conversation with author Charles Eisenstein that he simply wanted wearables to be “universally available as one of the ways people can get on top of their health.”

Kennedy told Eisenstein:

“Of course I don’t want to mandate it. And the idea of everyone’s body being hooked up to a data center somewhere is horrifying. This data should be private, and when it is shared with the device provider it must be subject to health privacy laws.”

Eisenstein was Kennedy’s chief speechwriter during his presidential campaign and recently moderated a panel of “spellers,” non-speaking young adults with autism, at CHD’s “Moment of Truth” conference last weekend.

When The Defender asked if Kennedy supported Cassidy’s bill, an HHS spokesperson said HHS does not comment on potential or pending legislation.

Cassidy did not immediately respond to our comment request.

[…]

Via https://childrenshealthdefense.org/defender/cassidy-introduces-bill-require-clear-consent-wearables-share-users-health-data/?utm_id=20251116