The Body: HIV and Data Privacy: What’s at Risk, and What You Can Do
This recent TheBody article about HIV and data privacy explores urgent concerns surrounding the use—and potential misuse—of molecular HIV surveillance (MHS) data. Originally collected under the CDC’s 2018 mandate for resistance testing to help track transmission clusters, these genetic data can be reported silently to state health departments and the CDC. While no known criminal prosecutions have yet used MHS data, the report highlights growing worries that the Trump 2.0 administration’s expanding “de-siloing” of sensitive government-held datasets—such as merging Social Security, medical, immigration, and public health records—could inadvertently expose people living with HIV to legal and social harms.
Advocates convened on June 18 in a webinar titled Fight for Firewalls: HIV and Health Data Privacy in the Snowballing Surveillance State, hosted by AVAC and featuring CHLP Staff Attorney Kae Greenberg. Greenberg emphasized that while data might originally be gathered for public health, in present circumstances “data collected with good intent can be used against people if shared or combined with another data set.” Greenberg critiqued HIPAA’s ineffectiveness as “a sieve rather than a wall, it has so many holes in it,” stressing that legal protections remain inadequate.
Greenberg urged organizations to challenge data-sharing requests, stating, “we don’t know how it’s being used yet,” and warned of legal loopholes that allow non-warranted data use in court. He highlighted the role of CHLP’s 2024 Model Policy on Data Privacy in equipping stakeholders to demand patient consent and reject automatic compliance. He encouraged health providers and people living with HIV to proactively discuss data-sharing practices: “Talk to your doctor about it… a lot of them are not aware… and are shocked and horrified to learn about them.”
