Chatbot, Health and Health Data: Proposed Legislation in the USA to Prevent Selling
Selling health and location data of U.S. citizens to a data broker would become illegal for any company, and the ban would explicitly extend to information users enter into AI chatbots like ChatGPT or Claude. This is the crux of the new version of the Health and Location Data Protection Act that Senator Elizabeth Warren (D-MA) and Representative Mary Gay Scanlon (D-PA) intend to introduce in the coming weeks, according to a draft obtained by The Verge.
The first version of the bill, introduced in June 2022, only prohibited data brokers from collecting and reselling health and geolocation data. The rewritten version broadens the scope in two directions: it targets any company that sells that data to a broker, no longer just intermediaries, and explicitly includes data entered into artificial intelligence systems. It recognizes that the most sensitive data collection point is no longer just the tracking app, but the conversation with a conversational assistant.
FTC Rules and the Right to Sue
The text is co-sponsored by Senators Ron Wyden (D-OR) and Bernie Sanders (I-VT). Operationally, it would require the Federal Trade Commission (FTC) to issue implementing rules within 180 days and allocate $1 billion to the FTC over the next ten years for enforcement activities. The federal agency would not be the only party able to act against violators: state attorneys general and individual citizens could also sue them.
The declared target remains the data resale market. Warren has linked the proposal to the growing uses of AI in healthcare: with an increasing number of people entering private clinical data into these tools, she said, it is essential to ensure that this information does not end up being exploited by the highest bidder, curbing brokers who profit immensely from selling Americans’ most sensitive information.
Why Now: Health Enters Chatbots
In January 2026, OpenAI launched ChatGPT Health, a dedicated space within the chatbot, separate from regular chats, that allows users to connect medical records and wellness apps; the company claims it is not used to train the models. In the same month, Anthropic introduced Claude for Healthcare, designed to be HIPAA-ready for individuals, healthcare providers, and hospitals, with connectors to CMS databases, ICD-10 codes, and the NPI registry. Also in January, Elon Musk publicly encouraged people to upload their medical records, including MRIs, to xAI's Grok chatbot.
The problem that the proposal aims to address is the near absence of a regulatory floor. The United States lacks a general federal framework on data privacy, despite years of unsuccessful legislative attempts. Today, notes Sara Gerke, a law professor at the University of Illinois Urbana-Champaign, the protection of data entrusted to tools like ChatGPT Health or Claude for Healthcare largely depends on what companies promise in their disclosures and terms of use. A framework made of voluntary commitments, not actionable obligations.
The measure has not yet been formally introduced: the two legislators have announced that they will introduce it in the coming weeks. The 2022 version never reached the finish line, and in a Congress that has struggled for years to pass comprehensive privacy legislation, the path remains uncertain. What changes is the target: for the first time, what is written to an AI assistant is treated as data to be protected.