US lawmakers push to curb AI health data sharing with new Health and Location Data Protection Act
9to5mac.com


Published by AINave Editorial • Reviewed by Ramit

TL;DR: US lawmakers propose banning AI companies from selling health data collected in chatbot sessions, with a new version of the Health and Location Data Protection Act targeting data brokers and AI systems.

US lawmakers are moving to close a growing privacy gap: the sale of health data that users share with AI chatbots. A new version of the Health and Location Data Protection Act, introduced by Senator Elizabeth Warren and Representative Mary Gay Scanlon, would ban the sale of health data collected in AI chatbot sessions and extend protections to prevent data brokers from accessing that information. For AI builders, this signals that health data privacy is becoming a regulatory priority as more AI tools encourage users to upload sensitive medical information.

What happened

Warren and Scanlon plan to introduce an updated version of the Health and Location Data Protection Act that specifically covers data entered into AI systems. The bill would ban companies from selling health data collected through chatbot interactions and would also restrict data brokers from obtaining that data. The proposal follows a wave of AI health tool launches: in January, Elon Musk publicly called for users to upload medical records to Grok, xAI's chatbot. OpenAI introduced ChatGPT Health, a sandboxed tab for medical records, and Anthropic launched Claude for Healthcare, a HIPAA-ready tool for individuals and providers.

Why AI builders should care

Most AI chatbots have terms that allow conversations to be used as training data or sold. If this bill passes, any product that collects health-related information through an AI interface will need to ensure that data cannot be sold or shared with brokers. This affects not only dedicated health tools but any chatbot that might receive health information from users. The proposal reflects a broader push for GDPR-like privacy protections in the US, which could reshape how AI companies handle user data across all verticals.

Practical implications

For teams building AI products, the immediate takeaway is to review data handling practices for any health-related inputs. If your chatbot or agent processes medical records, MRI scans, or symptom descriptions, you may need to update terms of service, implement stricter data retention policies, and ensure that data is not sold or used for training without explicit consent. The bill also targets data brokers, so any pipeline that shares anonymized or aggregated health data with third parties could be affected. Apple's Siri privacy framework, which forbids collection of user data even when handing off to ChatGPT or Gemini, offers one model for compliance.

Caveats

This is a proposed bill, not an enacted law. The legislative process may take months or years, and the final version could differ significantly. The article notes that piecemeal legislation like this "will always leave the law lagging behind technology" and that a comprehensive federal privacy law akin to GDPR would be more effective. Additionally, generative AI remains unreliable for medical advice, and sharing health data with any chatbot carries inherent risks regardless of legal protections.

FAQs

What is the Health and Location Data Protection Act and who does it affect?

The Health and Location Data Protection Act is a proposed federal privacy bill that would ban the sale of health data collected in AI chatbot sessions and extend protections to prevent data brokers from accessing such data. It would affect any company that collects health information through AI systems, including chatbot providers and data brokers.

Can health data shared in AI chatbot sessions be sold under current law?

Under current law, many AI chatbot terms allow conversations to be used as training data or sold. The proposed act would specifically ban the sale of health data entered into AI systems, indicating that current protections are insufficient and that a new law is needed to close this gap.

Which AI health tools are mentioned in the proposal (e.g., Grok, ChatGPT Health, Claude for Healthcare)?

The proposal references several AI health tools that encourage users to upload medical data: Grok by xAI, OpenAI's ChatGPT Health, and Anthropic's Claude for Healthcare. These examples illustrate the growing trend of AI platforms handling sensitive health information and the privacy risks involved.

How do privacy laws like GDPR or HIPAA relate to AI health data protections?

The article notes calls for a US federal privacy law similar to the EU's GDPR, which provides broad data protection. HIPAA-ready tools like Claude for Healthcare exist but only cover specific healthcare contexts. The proposed act would fill gaps by directly addressing AI chatbot data sales and broker access.
