Last year, lawmakers introduced two bills – the Healthcare Cybersecurity Act of 2024 and the Health Infrastructure Security and Accountability Act of 2024 (HISAA) – aimed at modernizing protections for sensitive health data. The limited scope and enforcement mechanisms outlined in these bills may fall short of addressing the escalating cyber threats plaguing our increasingly digital healthcare system.
The proliferation of consumer health technologies – like fitness trackers, mobile health apps, and telemedicine platforms – has created new risks that fall outside the protections of HIPAA and the scope of the proposed legislation.
To address these challenges, policymakers should extend existing healthcare privacy regulations to encompass consumer health data. Healthcare organizations must work alongside tech companies to establish clear data protection protocols that address the distinct challenges posed by non-traditional health data, such as the need for integration across different platforms while maintaining security.
【MORE】