Public Health Emergency Privacy Act
This bill imposes requirements on covered organizations concerning the privacy, confidentiality, and security of COVID-19 (i.e., coronavirus disease 2019) emergency health data, which is data that is linked to an individual or device, such as test results. Covered organizations include those that collect, use, or disclose such data electronically or that develop or operate websites or applications for contact tracing and other COVID-19 response activities.
Among other actions, covered organizations must provide notice of privacy and other policies, as well as ensure the accuracy of, prevent discrimination based on, and limit disclosure of the data. Covered organizations that collect data from at least 100,000 individuals must publicly report additional information about how they use and disclose the data. The bill also prohibits the use of emergency health data for commercial advertising or in ways that restrict access to opportunities, services, and other accommodations.
In addition, government entities and covered organizations shall not use emergency health data to infringe on the right to vote. The Department of Health and Human Services must report on the civil rights impact of the collection, use, and disclosure of health data.
The bill provides for enforcement by the Federal Trade Commission, states, and a private right of action and specifies that pre-dispute resolution mechanisms, such as arbitration, are unenforceable with respect to disputes arising under the bill.