Thora Johnson and Alexandra Wood discuss:
- Key federal regulation including HIPAA
- The patchwork at the state level, including a growing number of state consumer health privacy laws
Alexandra: What does the legal landscape look like for health data in the U.S.?
Thora: It looks like a patchwork. The first thing to consider are the federal laws. We have HIPAA, if it is protected health information (PHI), so generally speaking applicable to providers that bill for the delivery of their services and health insurance companies. But there's also the FTC, which is laser-focused on consumer health data that is not PHI.
Alexandra: And what about in the states?
Thora: Well, there are about 20-plus consumer privacy laws that have particular and specific guardrails around sensitive information, which includes health information. We are also seeing some specific consumer health privacy laws, particularly Washington's My Health, My Data and Nevada has a similar law.
[View source.]
