House Panel Probes Health Apps to Protect Reproductive Health Data Privacy

July 11, 2022 - The House Committee on Oversight and Reform sent letters to five data brokers and five health apps as part of an investigation into their reproductive health data privacy practices. Led by Rep. Carolyn B. Maloney, chairwoman of the Committee on Oversight and Reform, Rep. Raja Krishnamoorthi, chairman of the Subcommittee on Economic and Consumer Policy, and Rep. Sara Jacobs, the committee requested information and documents related to the sale and collection of reproductive health data.

“The collection of sensitive data could pose serious threats to those seeking reproductive care as well as to providers of such care, not only by facilitating intrusive government surveillance, but also by putting people at risk of harassment, intimidation, and even violence,” the Representatives wrote. 

“Geographic data collected by mobile phones may be used to locate people seeking care at clinics, and search and chat history referring to clinics or medication create digital bread crumbs revealing interest in an abortion.”

The Representatives sent individual letters to SafeGraph, Digital Envy, Flo Health, Glow, Gravy Analytics, Placer.ai, Babel Street, Digitalchemy Ventures, GP International, and BioWink GmbH.

In its letters to health apps, the committee cited growing concerns surrounding data privacy and the potential consequences of poor health app data privacy practices, which could put people at risk of “intrusive government surveillance,” along with “harassment, intimidation, and even violence.”

READ MORE: Biden’s Reproductive Health Executive Order Outlines Patient Privacy Protections

The Representatives brought attention to a recent study published in JMIR mHealth and uHealth in which researchers found that 87 percent of the 23 most popular women’s health apps shared user data with third parties, but only half requested consent from their users.

With this in mind, the committee requested a variety of information from the five health apps in question, including all documents relating to the collection, retention, use, protection, or dissemination of reproductive health information.

The Representatives also requested all data privacy policies and procedures, all documents and communications with state and local governments about the collection, use, protection, retention, or dissemination of reproductive health information, and a list of all entities that have access to each company’s user data.

The letters also requested to view each company’s revenue and profits related to the sale of user data since 2017. All requested information must be provided to the committee by July 21, 2022, the letters stated.

In the case of the data brokers, the committee pointed to multiple investigations and reports of deceptive practices that could allow “bounty hunters” to track down people involved in providing or obtaining abortion care.

READ MORE: Abortion Restrictions Clash With HIPAA, Patient Privacy Protections

“We are alarmed by recent reports that data broker companies, which aggregate consumer data from various sources, are selling the location data of individuals who have used these services, potentially allowing the misuse of this sensitive information to invade the privacy of those seeking reproductive health care,” the letter to data broker Digital Envoy stated.

The committee requested that by July 21, the five data brokers provide information on all policies and procedures relating to the collection or purchase of location data surrounding specific locations, including geofencing. The letter also requested information on all policies relating to the use or transfer of “anonymized data” with respect to location data, and the number of individuals from whom each company collects or purchases location data.

Additionally, the committee asked for a list of each company’s trust partners who have provided or received location data, and a list of all mobile phone applications that the companies use to gather data, along with each company’s revenue and profits related to this data since 2017. The committee also requested a list of all purchasers of information relating to family planning or abortion clinics.

The probe follows multiple calls to investigate health apps, data brokers, and big tech companies on their data privacy practices. In late June, US Senators introduced the Health and Location Data Protection Act, which would ban data brokers from selling location and health data (with select exceptions for HIPAA-compliant activities, protected First Amendment speech, and authorized disclosures).

“Data brokers profit from the location data of millions of people, posing serious risks to Americans everywhere by selling their most private information,” Senator Elizabeth Warren (D-MA) stated in an accompanying press release. 

“With this extremist Supreme Court poised to overturn Roe v. Wade and states seeking to criminalize essential health care, it is more crucial than ever for Congress to protect consumers’ sensitive data. The Health and Location Data Protection Act will ban brokers from selling Americans’ location and health data, rein in giant data brokers, and set some long overdue rules of the road for this $200 billion industry.”