This feels like it should be better dealt with via legislation. Already sounds like health data, which is legislated to high-heaven in the US, and also sounds like the juiciest ever GDPR suit waiting to happen in the EU.
Well the example was now around health data, but you can easily make up other more innocuous examples that will discriminate enough to give you a disadvantage.
