“Data brokers” track, categorize and sell personal health information for marketing use, a new US Senate report reveals. Data groupings include rape victims and HIV-positive individuals, those with depression and dementia, and womens’ gynecologist visits.

Hundreds of so-called “data brokers” in the US maintain databases made up of Americans’ sensitive health details. A report by the Senate Commerce Committee says the companies are legally allowed to withhold from individuals what data is collected, how one is categorized and who buys the information.

The report on the global multi-billion dollar industry was released Wednesday ahead of a committee hearing on such practices. Though the report does not detail wrongdoing, it does point out the reams of consumer data made available to marketers in the digital era. The information is used for targeted advertising across the web.

“Millions of consumers are now using computers, smart phones, and tablets to make purchases, plan trips, and research personal financial and health questions, among other activities,” the Senate report explains. “These digitally recorded decisions provide insights into the consumer’s habits, preferences, and financial and health status.”

During the Senate Commerce Committee hearing on Wednesday, privacy groups warned how far some companies have gone to amass and sell a person’s confidential information.

“There are consumer list brokers that sell lists of individually identifiable consumers grouped by characteristics. To our knowledge, it is not practically possible for an individual to find out if he or she is on these lists,” said Pam Dixon, executive director of the World Privacy Forum, in her testimony. “If a consumer learns that he or she is on a list, there is usually no way to get off the list.”

Dixon named one broker, MEDbase200, that has auctioned off lists of rape and domestic violence victims.

The committee found another, Epsilon, that offered at least one list of people who allegedly have medical conditions including anxiety, depression, diabetes, high blood pressure, insomnia, and osteoporosis.

An Epsilon spokesperson Diane Bruno told the Wall Street Journal many consumers report the information themselves on the company’s opinion-research website, and that Epsilon cooperated with the Senate committee. Yet she defended the shielding of lists from individuals.

“We also have to protect our business, and cannot release proprietary competitive information, or information that we’re prohibited from releasing based on contractual agreements with our clients.”

The report showed Equifax, one of the biggest consumer credit reporting agencies in the US, keeps a database that includes women’s visits to gynecologists within the last year.

The largest broker, Acxiom, allows consumers to view and amend the data gathered on them, yet the company does not allow anyone to see how information on them is being used.

The Senate report says the assembled information does not stop with personal health. People’s incomes, home loans and pets, for example, are used to put individuals into groups like “rural and barely making it” and “ethnic city strugglers.”

A great deal of the consumer data collected by the companies is inaccurate, according to reporting by the Wall Street Journal.

In some cases, compiled databases reveal contact information that is not allowed to be made public, the report found.

“This is where lawmakers can work to remove unsafe, unfair, and overall just deplorable lists from circulation,” Dixon said during the hearing. “There is no good policy reason why unsafe or unfair lists should exist.”

A recent study by the Government Accountability Office found that federal law does not protect consumers’ right to know what is being collected or how the data is used.

The Fair Credit Reporting Act allows for consumers to correct any credit information an agency may provide to landlords, employers, banks and others. The Health Insurance Portability and Accountability Act bars health providers and insurance companies from offering patient information to outside entities. Yet that federal law does not cover data-mining brokers that sell health profiles. The Federal Trade Commission has called on brokers to be more transparent with the data.

“Current federal law does not fully address the use of new technologies, despite the fact that social media, web tracking, and mobile devices allow for faster, cheaper and more detailed data collection and sharing among resellers and private-sector entities,” the Senate report says, calling for more oversight of the industry.

The hearing’s revelations pertaining to MEDbase200, the company that collected information on victims of sexual assault and domestic violence, led to the company removing those lists from its website. A spokesperson for the company’s parent organization told the Wall Street Journal MEDbase200 did not intend to peddle any list entitled “rape sufferers” - which it was, at a price of $79 for 1,000 names - and that it was only a “hypothetical list of health conditions/ailments” created for internal use.

Upon questioning from the Wall Street Journal, MEDbase200 also nixed lists of HIV/AIDS patients and “peer pressure sufferers” that were for sale.