Sec. 4. Promulgation of regulations for operators of consumer devices, services, applications, and software
Source: /bill/116/s/1842/is/section-4 (research copy; for the controlling text, check the official federal source).
(a) Not later than 6 months after the date on which the report is submitted under section 5(d), the Secretary, in consultation with the Chairman of the Federal Trade Commission, the National Coordinator, relevant stakeholders, and heads of such other Federal agencies as the Secretary considers appropriate, shall promulgate regulations to help strengthen privacy and security protections for consumers’ personal health data that is collected, processed, analyzed, or used by consumer devices, services, applications, and software.

(b)(1) The Secretary shall ensure that the regulations pursuant to subsection (a)—
- (A) account for differences in the nature and sensitivity of the data collected or stored on the consumer device, service, application, or software; and
- (B) include such definitions for relevant terms that are necessary to accomplish the goals of the regulations set forth in subsection (a).

(2) In the promulgation of regulations under subsection (a), the Secretary, to the extent practicable, shall—
- (A) consider the findings in the report issued by the Department of Health and Human Services to Congress entitled “Examining Oversight of the Privacy & Security of Health Data Collected by Entities Not Regulated by HIPAA”, including findings regarding individuals’ access rights, re-use of data by third parties, security standards applicable to data holders and users, confusion or ambiguity regarding terminology related to privacy and security protections, and the adequacy of collection, use, and disclosure limitations;
- (B) consider other regulations and guidance issued by the Federal Trade Commission, and other regulations promulgated under section 264(c) of the Health Insurance Portability and Accountability Act of 1996 (42 U.S.C. 1320d–2 note), subtitle D of the Health Information Technology for Economic and Clinical Health Act (42 U.S.C. 17921 et seq.), the Genetic Information Nondiscrimination Act (Public Law 110–233, 122 Stat. 881), the Common Rule as contained in part 46 of title 45, Code of Federal Regulations, and other related Acts;
- (C) consistent with paragraph (3), consider appropriate uniform standards for consent related to the handling of genetic data, biometric data, and personal health data;
- (D) consider exceptions to consent requirements under subparagraph (C) for purposes that may include law enforcement, academic research or research for the sole purpose of assessing health care utilization and outcomes, emergency medical treatment, or determining paternity;
- (E) consider appropriate minimum standards of security that may differ according to the nature and sensitivity of the data collected or stored on, or processed or transferred by, the consumer device, service, application, or software;
- (F) consider appropriate standards for the de-identification of personal health data;
- (G) consider appropriate limitations on the collection, use, or disclosure of personal health data to that which is directly relevant and necessary to accomplish a specified purpose;
- (H) consult with the National Coordinator, the Commissioner of Food and Drugs, and the Chairman of the Federal Trade Commission; and
- (I) provide for initial and ongoing outreach regarding regulations affecting industries, businesses, and individuals to ensure awareness of consumer privacy and security protections in the field of digital health technology.

(3) In the review of each of the areas described in paragraph (2)(C), the Secretary shall consider—
- the development of standards for obtaining user consent based on how information will be shared, to ensure that prior to the collection, analysis, use, or disclosure of consumers’ personal health data, an operator of a consumer device, service, application, or software specifies the uses of the personal health data and who will have access to the information;
- the manner in which consent is obtained, in a way that uses clear, concise, and well-organized language that is easily accessible, of reasonable length, at an appropriate level of readability, and clearly distinguishable from other matters;
- a process to limit the transfer of personal health data to third parties and provide consumers with greater control over how their personal health data is used for marketing purposes;
- secondary uses outside of the primary purpose of the service as initially indicated when consent was first obtained;
- a process to permit a withdrawal of consent, to ensure that a user is able to remove consent for the terms of service for use of the consumer device, service, application, or software, including the collection and use of personal health data, as easily as the user is able to give such consent;
- providing a right to access a copy of the personal health data that the operator has collected, analyzed, or used, free of charge and in an electronic and easily accessible format, including a list of each entity that received the personal health data from the operator, whether through sale or other means; and
- providing a right to delete and amend personal health data, to the extent practicable, that the operator has collected, analyzed, or used.

The Secretary shall review and, if necessary, update the regulations promulgated under subsection (a) in accordance with the requirements under subsection (b).

The Department of Health and Human Services shall make prominently available to the public on the Department’s internet website clear and concise information about available resources related to the regulations promulgated under subsection (a) and all updates to such resources.

If a Federal agency publishes resources to help protect consumers’ personal health data, the head of such Federal agency, to the degree practicable, shall make such resources consistent with the regulations promulgated under subsection (a).

Nothing in this section shall be construed to supersede, alter, or otherwise affect any privacy and security requirements enforced by Federal agencies.
Authorities cited in this section (U.S. Code and Statutes at Large):
- 42 USC 1320d–2
- Pub. L. 110–233
- 122 Stat. 881