The 1996 Health Insurance Portability and Accountability Act (HIPAA) prohibited the use or disclosure of an individual's health information unless specifically authorized by the individual or the law. Health information such as diagnoses, treatment information, medical test results and prescription information are considered protected health information under this Act. HIPAA requires healthcare organizations to keep patient data safe by exercising best practices in the areas of administration, physical security and technical security. However, this law must be periodically updated to keep pace with new technology. One of the most common HIPAA violations can result from a lost or stolen device such as a cellphone that can result in the theft of personal health information. Advocates worry about the growth of health-related information that is being created, gathered and collected outside of the scope of the HIPAA rules, from mobile applications, wearables and patient support websites. They say HIPAA protections should extend to any information in possession of or derived from a digital health feedback system, including sensors, devices and internet platforms connected to those sensors or devices that receive information about an individual.

Proposed Legislation: Reintroduction of S.24 - Protecting Personal Health Data (117th Congress 2021-2022)
Prospective Sponsor: Sen. Amy Klobuchar (MN)