
US lawmakers push to curb AI health data sharing with new Health and Location Data Protection Act
Published by AINave Editorial • Reviewed by Ramit
US lawmakers are moving to close a growing privacy gap: the sale of health data that users share with AI chatbots. A new version of the Health and Location Data Protection Act, introduced by Senator Elizabeth Warren and Representative Mary Gay Scanlon, would ban the sale of health data collected in AI chatbot sessions and extend protections to prevent data brokers from accessing that information. For AI builders, this signals that health data privacy is becoming a regulatory priority as more AI tools encourage users to upload sensitive medical information.
What happened
Warren and Scanlon plan to introduce an updated version of the Health and Location Data Protection Act that specifically covers data entered into AI systems. The bill would ban companies from selling health data collected through chatbot interactions and would also restrict data brokers from obtaining that data. The proposal follows a wave of AI health tool launches: in January, Elon Musk publicly called for users to upload medical records to Grok, xAI's chatbot. OpenAI introduced ChatGPT Health, a sandboxed tab for medical records, and Anthropic launched Claude for Healthcare, a HIPAA-ready tool for individuals and providers.
Why AI builders should care
Most AI chatbots have terms that allow conversations to be used as training data or sold. If this bill passes, any product that collects health-related information through an AI interface will need to ensure that data cannot be sold or shared with brokers. This affects not only dedicated health tools but any chatbot that might receive health information from users. The proposal reflects a broader push for GDPR-like privacy protections in the US, which could reshape how AI companies handle user data across all verticals.
Practical implications
For teams building AI products, the immediate takeaway is to review data handling practices for any health-related inputs. If your chatbot or agent processes medical records, MRI scans, or symptom descriptions, you may need to update terms of service, implement stricter data retention policies, and ensure that data is not sold or used for training without explicit consent. The bill also targets data brokers, so any pipeline that shares anonymized or aggregated health data with third parties could be affected. Apple's Siri privacy framework, which forbids collection of user data even when handing off to ChatGPT or Gemini, offers one model for compliance.
Caveats
This is a proposed bill, not an enacted law. The legislative process may take months or years, and the final version could differ significantly. The article notes that piecemeal legislation like this "will always leave the law lagging behind technology" and that a comprehensive federal privacy law akin to GDPR would be more effective. Additionally, generative AI remains unreliable for medical advice, and sharing health data with any chatbot carries inherent risks regardless of legal protections.
FAQs
What is the Health and Location Data Protection Act and who does it affect?
The Health and Location Data Protection Act is a proposed federal privacy bill that would ban the sale of health data collected in AI chatbot sessions and extend protections to prevent data brokers from accessing such data. It would affect any company that collects health information through AI systems, including chatbot providers and data brokers.
Can health data shared in AI chatbot sessions be sold under current law?
Under current law, many AI chatbot terms allow conversations to be used as training data or sold. The proposed act would specifically ban the sale of health data entered into AI systems, indicating that current protections are insufficient and that a new law is needed to close this gap.
Which AI health tools are mentioned in the proposal (e.g., Grok, ChatGPT Health, Claude for Healthcare)?
The proposal references several AI health tools that encourage users to upload medical data: Grok by xAI, OpenAI's ChatGPT Health, and Anthropic's Claude for Healthcare. These examples illustrate the growing trend of AI platforms handling sensitive health information and the privacy risks involved.
How do privacy laws like GDPR or HIPAA relate to AI health data protections?
The article notes calls for a US federal privacy law similar to the EU's GDPR, which provides broad data protection. HIPAA-ready tools like Claude for Healthcare exist but only cover specific healthcare contexts. The proposed act would fill gaps by directly addressing AI chatbot data sales and broker access.






















