Thora Johnson was quoted on May 30, 2018, in an article in Bloomberg Law about how digital health data is being created at a dizzying rate yet a significant chunk of that personal information isn’t covered by federal privacy and security laws. According to the article, digital health-care data pose real privacy risks, and a federal law change to regulate it is likely in the future.
Ms. Johnson said that it's almost certain that the federal government will look to regulate health information that's not subject to HIPAA. Direct-to-consumer health-care wearables aren't currently subject to HIPAA and are generating enormous volumes of data daily. Wearables include fitness trackers manufactured by Fitbit, Garmin, and other companies.
"If data from these devices and wearables not otherwise subject to HIPAA is altered by an attacker and individuals are harmed, we're likely to see a swift response from the federal level," Johnson said.
That response may include extending HIPAA to all health-care data, regardless of the types of entities holding the data, Johnson said.