BILL NUMBER: S929
SPONSOR: KRUEGER
 
TITLE OF BILL:
An act to amend the general business law, in relation to providing for
the protection of health information
 
PURPOSE OR GENERAL IDEA OF BILL:
This bill would govern companies that collect and sell healthcare
information and provide additional rights and protections to users
related to the sale and of their private health information.
 
SUMMARY OF SPECIFIC PROVISIONS:
Section one amends the general business law by adding a new article
42-A. Section two provides a severability clause.
Section three establishes the effective date.
 
JUSTIFICATION:
Most residents of the State are under the impression that HIPAA
protects them and their health data from being accessed by third parties
and sold by and to other organizations. Residents are generally unaware
that their technology is constantly tracking their movements, and
geolocation data is being sold to companies for the purposes of targeted
advertisements or tracking. Most users also do not have an understanding
of how much information is being collected, stored, and sold for the
benefit of third parties. For example, a mobile app to track
menstruation cycles was recently caught selling users' data to
antiabortion advocacy organizations.
This bill creates a legal framework for residents to reclaim and retain
control of their healthcare information. Electronic apps or websites
that are designed to provide a diagnosis or retain health information
will be required to receive affirmative consent by the user to retain
such information and would provide users the ability to rescind such
consent. The bill also provides a legal remedy for those whose data was
improperly collected or used.
 
PRIOR LEGISLATIVE HISTORY:
2023-24:158-e/A.4389d - Passed Senate/Died on Third Reading
2022- New Bill
 
FISCAL IMPLICATIONS:
None to the State.
 
EFFECTIVE DATE:
One year.