Op-Ed | Why New York must act now to protect our personal health data

In Nebraska, police criminally charged a mother after Meta turned over Facebook messages between her and her teenage daughter discussing how to obtain an abortion. In another state, a clinician reported a woman to Child Protective Services after the clinician accessed her electronic medical records and discovered she’d received an abortion in another state.

These cases reflect a stark reality. Patients seeking reproductive care must not only contend with anti-abortion laws and extremist politicians. They must also confront the growing risk that bad actors can access, share, and weaponize their private medical information, including here in New York.

Today, private health information moves quickly and widely between providers and across health systems. And it’s not just our medical records. New Yorkers constantly generate personal health data through fitness apps, period trackers, and even online searches—information that big tech companies collect, sell, and use with no safeguards.

While President Trump and other hostile politicians continue to launch attacks on reproductive and gender-affirming care at an alarming rate, the very tools designed to improve our health can also put patients at risk.

New York has long been a leader in protecting access to care. But without strong privacy protections, access alone is not enough. No one should have to face stigma, discrimination, and legal danger just to get the care they need.

That’s why state lawmakers in Albany must pass two critical bills this legislative session that will help ensure people have control over their most sensitive health information.

The Electronic Health Records Privacy Act focuses on what happens inside the health care system. Today, electronic health records are widely shared, meaning a patient’s full medical history—including abortion or gender-affirming care—can be accessed across providers, institutions, and state lines regardless of whether that information is relevant to the care they’re getting.

This legislation would empower patients to control their sensitive health records. Under the bill, they would get to decide who has access to their medical information, while still getting the benefits of coordinated care that electronic records provide.

The second piece of legislation, the New York Health Information Privacy Act, addresses what happens outside the doctor’s office. The bill would establish clear guardrails for commercial health data collected through apps, wearable devices, and online activity that can reveal deeply personal information about someone’s health. This would give people real control over their data and limit how big tech companies can use it.

Both bills are essential because health information no longer lives in one place. It moves across systems, platforms, and even state lines with the push of a button.

If we address medical records but ignore consumer data, patients remain exposed. If we regulate apps but ignore health records, sensitive information can still spread too broadly. We need a comprehensive approach that fully protects people’s privacy.

These protections will help build trust between patients and providers, so patients don’t forego the care they need, and are able to benefit from cutting-edge technology, without scarifying their safety.

At a time when hostile politicians are putting our fundamental rights under relentless attack, New York cannot afford to fall behind. Our state has the opportunity—and the responsibility—to set a nationwide example for what health privacy looks like given today’s realities.

No one should have to choose between their privacy and their health. Passing these two bills will ensure that in New York, we don’t have to.

This piece was originally published in amNY.