Public Health Emergency Privacy Act
This bill imposes privacy, confidentiality, and security requirements on the use and disclosure of COVID-19 (i.e., coronavirus disease 2019) emergency health data. This is data that is linked to an individual or device, such as test results.
The requirements apply to organizations that collect, use, or disclose emergency health data electronically or that manage websites or applications for contact tracing and other COVID-19 response activities.
These organizations must provide notice of privacy and other policies. They must also ensure the accuracy of, prevent discrimination based on, and limit disclosure of the data. If an organization collects data from at least 100,000 individuals, it must publicly report additional information about how it uses and discloses the data.
Furthermore, the bill prohibits the use of emergency health data for commercial advertising or in ways that restrict access to opportunities, services, and other accommodations.
It also prohibits government entities and organizations from using this data to infringe on the right to vote. The Department of Health and Human Services must report on the civil rights impact of the collection, use, and disclosure of health data.
The bill provides for enforcement by the Federal Trade Commission, states, and a private right of action. It further specifies that certain dispute resolution mechanisms, such as arbitration, are unenforceable with respect to disputes arising under the bill.