Understanding Health Data Beyond HIPAA: The Hidden Regulatory Landscape
- Katarzyna Celińska

Many still believe that all health-related information in the U.S. is governed by HIPAA — but the truth is very different.
Today, most health data processed by businesses, platforms, AI systems, employers, and data brokers does not fall under HIPAA and is instead regulated by a complex patchwork of state privacy laws.

In the full article, I break down:
• which types of health data are not covered by HIPAA,
• how U.S. states are introducing HIPAA-style protections for consumer health data,
• the growing obligations around AI-generated health inferences,
• employer and wellness-program data responsibilities,
• and why mapping data flows is the only way to correctly identify regulatory obligations.
Based on my experience delivering medical-data projects in the U.S., I explain why organizations must now shift from narrow “HIPAA compliance” to comprehensive health-data governance across all systems and data categories.
Author: Sebastian Burgemejster