Bizer & DeReus

The NIH’s Proposed Autism Database: How AI Surveillance Threatens Patient Privacy and Civil Rights

By Garret S. DeReus

A potential plan by the National Institutes of Health (NIH) to construct a massive database of American medical records for analysis by artificial intelligence (AI) is generating significant concern. Based on information published by the NIH on April 21, 2025, this initiative aims to collect health data on an unprecedented scale. While framed as a way to accelerate medical breakthroughs, the proposal raises serious red flags for privacy, data security, and fundamental civil rights.

The Proposed National Health Database and AI

According to the NIH presentation, the organization is developing a “Real-World Data Platform” aimed at integrating diverse health information from across the United States. The initiative would collect data from multiple sources including pharmacy chains, health organizations, clinical records, billing claims, environmental data, and wearable sensors. According to the NIH, this comprehensive database would enable real-time health monitoring, support national disease registries, accelerate drug development, create valuable longitudinal datasets, assist with regulatory approvals, and facilitate research competitions.

The information on this proposal was published in a slide show entitled “NIH Director’s Update,” in a 17-page PDF document. Rather than a detailed research article, it’s a visually-oriented presentation with numerous stock photos, minimal text, and basic diagrams that outlines broad concepts without substantial implementation details. The presentation, delivered by Jay Bhattacharya, M.D., Ph.D. (the new NIH Director who transitioned from Stanford University), highlights several priorities including an initiative to understand Autism Spectrum Disorder (ASD), improving population health, ensuring reliable scientific results, making significant advances in biomedical research, maintaining safety and transparency, and encouraging academic freedom. While the presentation mentions the data platform, it provides little concrete information about privacy protections, opt-out mechanisms, or specific data governance structures. This lack of transparency in the presentation itself mirrors the larger opacity surrounding the entire initiative.

Concerningly, the NIH slide deck explicitly states that the NIH intends on obtaining patient health data from “pharmacy chains” and “sensors & wearables” companies without providing any legal framework or authority under which the NIH would obtain these highly personal medical records. There does not appear to be any legal basis for the NIH to seek access to all patient information from private companies or health data from personal devices without explicit patient consent. This glaring omission raises serious questions about whether existing privacy laws like HIPAA are being properly considered, and whether patients would have any meaningful control over their most sensitive health information being harvested for this national database.

Grave Concerns: Privacy, Security, and Misuse

The creation of such a centralized or interconnected health data repository is fraught with peril. As advocates for individual rights, we see several immediate concerns:

  • Profound Privacy Risks: Health information is intensely personal. Can such data truly be anonymized when aggregated on a national scale? The risk of re-identification, exposing sensitive conditions or genetic predispositions, is significant.
  • Massive Security Vulnerabilities: A database of this nature would be an irresistible target for hackers and potentially hostile actors. A breach could expose millions to identity theft, discrimination, and unimaginable personal distress.
  • Potential for Discrimination: How will this data be used? Could AI analysis, even if initially for research, lead to biased outcomes? Could it be accessed or repurposed by insurers, employers, or government agencies in ways that harm individuals based on their health profile?
  • Bias Amplification: AI systems can inherit and even amplify biases present in the data they are trained on. If existing health disparities are reflected in the data, the AI could perpetuate inequitable healthcare outcomes.
  • Lack of Control and Consent: How will individuals consent to their deeply private information being included? Will Louisiana residents have a meaningful choice, or will their data be swept up without clear, affirmative consent?
  • Algorithmic Transparency: The NIH has provided no explanation of how decisions would be made within their AI system, creating a dangerous “black box” problem. Patients might never understand why certain conclusions were drawn from their data, or how those conclusions might affect their healthcare or other aspects of their lives.
  • Inability to Withdraw Consent: Once personal health data enters this system, it appears patients would have no mechanism to withdraw their information. This permanent data capture represents a troubling departure from established ethical principles of patient autonomy and control over personal medical information.

Equally troubling are the profound operational unknowns surrounding the AI itself. It is currently unclear which company or companies operating an AI system would assemble this sensitive health data, potentially into a Large Language Model (LLM). Critically, we don’t know how, or even if, that health data or the training derived from it would be segregated from the primary LLM accessible for commercial use by the provider.

Furthermore, crucial questions must be raised about how long individual health data is to be retained within the model’s parameters. Compounding this lack of clarity is the absence of any defined process for correcting errors or misstatements within a person’s medical record once it’s integrated in the AI system. If there is no way to correct inaccurate data, and if this information is used to inform individualized medical care decisions, people could suffer harm based on erroneous information. Even if restricted solely to research, the integrity of any findings becomes questionable if based on flawed data – the old idiom “garbage in, garbage out” certainly appears to apply.

Troubling Leadership Attitudes and Data Use Fears

Compounding these technical and ethical concerns are questions about the perspectives of those overseeing our health agencies. For instance, on April 16, 2025, Robert F. Kennedy, Jr., head of the U.S. Department of Health and Human Services (HHS), reportedly made deeply troubling remarks about individuals with autism, stating: “These are kids who will never pay taxes, they will never hold a job, they will never play baseball, they will never write a poem, they will never go out on a date[.]”

This statement reflects a profound misunderstanding of autism. It’s crucial to recognize that autism exists on a spectrum. While some individuals with autism require significant support, many others lead fulfilling lives, hold jobs, pay taxes, form relationships, and contribute uniquely to society. Many possess exceptional skills in specific areas, while others navigate the world differently than neurotypical individuals but are perfectly capable. To paint everyone with autism with such a broad, negative brush is inaccurate and offensive.

This raises a critical question regarding the proposed NIH database: If leadership within our national health apparatus holds such misguided views about certain disabilities, what assurances do we have that data identifying individuals with those conditions will be used appropriately? The concern becomes: Is this data going to be collected and potentially used for an improper purpose, guided by prejudice rather than objective science or individual well-being? When the issue is framed incorrectly from the start by policymakers, the potential for misuse of powerful tools like AI analyzing sensitive health data increases dramatically.

The contradiction here is particularly striking: the NIH presentation explicitly highlights an initiative to understand Autism Spectrum Disorder (ASD), while the Secretary of HHS simultaneously demonstrates a fundamental lack of understanding about the very condition they purport to study.

Furthermore, while the NIH presentation prominently features “maintaining safety and transparency” as a core value, the complete absence of implementation details about data governance, privacy controls, or ethical oversight reveals a stark disconnect between stated principles and actual practice. This fundamental contradiction between proclaimed transparency and actual opacity should concern every American whose medical data might be swept into this system.

Seeking Transparency in Louisiana: Avenues for Information

Given the potential reach of federal initiatives and the sensitivity of the data involved, understanding the landscape is crucial. Concerned citizens often seek information directly from government agencies. While this article does not provide legal advice, it’s worth noting that mechanisms exist for the public to request information.

Federal Level – Freedom of Information Act (FOIA): The federal FOIA provides a process for citizens to request records from federal agencies. Agencies like the NIH and HHS fall under FOIA. Information one might seek through such a process could potentially include:

  • Documents detailing plans or pilot programs for national health databases using AI.
  • Information about data sharing policies between federal and state entities or private providers.
  • Records concerning privacy safeguards, security protocols, or anonymization techniques under consideration or in use.
  • Details on how data related to specific conditions might be handled or analyzed.
  • Information regarding potential AI vendors, data handling agreements, retention schedules, or processes for data correction.

State Level – Louisiana Public Records Act (PRR): At the state level, the Louisiana Public Records Act (La. R.S. 44:1 et seq.) establishes procedures for requesting access to public records from state agencies. The Louisiana Department of Health (LDH), among other bodies holding health-related data, is subject to this Act. Examples of information potentially available via this route might involve:

  • Agreements or communications regarding the sharing of Louisiana residents’ health data with federal agencies for large-scale analysis.
  • Current practices detailing what types of health information are shared with federal entities.
  • State-level policies concerning patient privacy and consent for data sharing beyond direct care.
  • Information on any existing mechanisms for patients to review or request corrections to their health records managed or shared by state entities.

Seeking transparency allows for greater public awareness and informed discussion about initiatives that could significantly impact citizens. Understanding the specifics of data collection, usage, and protection is often a key step in advocating for responsible practices.