Though the White House’s plans to collaborate with tech companies in building a health data-sharing system could ultimately result in a beneficial network, its current lack of clarity and transparency about data protections is concerning, consumer advocates said.
Health Privacy and HIPAA
Privacy Daily follows regulatory changes to and enforcement of the federal Health Insurance Portability and Accountability Act (HIPAA). The law governs how health care providers, insurers and other covered entities handle protected health information and imposes safeguards to prevent unauthorized access or disclosure. We also track new health privacy laws in the states including the Washington My Health My Data Act and a similar bill passed in New York state. Coverage includes significant HIPAA violations, enforcement actions and trends that shape how health data is collected, shared and secured.
The Senate Privacy Subcommittee is focused on the Judiciary Committee’s jurisdiction over privacy legislation, but expect collaboration with the Senate Commerce Committee, Sen. Marsha Blackburn, R-Tenn., told us Thursday. Other senators offered views on the White House's plans to work with tech companies to build a healthcare data-sharing system (see 2507310067).
So far in 2025, state lawmakers and regulators have focused on data related to health, children, geolocation and biometrics, said Sidley privacy attorneys Colleen Theresa Brown, Sheri Porath Rockwell and Sasha Hondagneu-Messner in a blog post Thursday.
Consumer advocates on Thursday continued to sound the alarm over the White House’s plans to work with tech companies in building a health data-sharing system.
Minnesota's comprehensive privacy law that took effect Thursday uniquely requires companies to allow consumers to question their automated decisions. The law also includes uncommon requirements about material changes to privacy polices and giving lists of third parties to consumers. While companies will also for the first time face requirements such as having to conduct data inventories and appoint chief privacy officers, many of the law's stipulations are already best practices, privacy lawyers told us.
President Donald Trump’s possible health-tracking system with Big Tech companies should increase the urgency for New York Gov. Kathy Hochul (D) to sign a health data privacy bill that passed the state legislature months ago, Assemblymember Linda Rosenthal (D) said in a Wednesday interview with Privacy Daily: “I will bring it to” the governor's office’s “attention today.”
The growing practice of uploading medical reports on generative AI platforms is an "alarming phenomenon" because it risks loss of control over people's sensitive health data and the provision of incorrect information to the public, Italian data protection authority (DPA) Garante said Wednesday.
The Senate should revisit legislation to protect consumers’ health data privacy outside the scope of the Health Insurance Portability and Accountability Act (HIPAA), Sens. Bill Cassidy, R-La., and Jacky Rosen, D-Nev., told us in recent interviews (see 2507090048).
Recent settlements show the vulnerability of companies that hire privacy vendors and think they're in compliance, Frankfurt Kurnit attorneys said during a webinar Thursday. In addition, they noted that states besides California are becoming more active in privacy litigation and enforcement.
Privacy Daily is providing readers with the top stories from last week, in case you missed them. All articles can be found by searching the title or clicking on the hyperlinked reference number.