Introduced

Health Information Privacy Reform Act

Legislation

Policy Type: Legislation

A proposed or enacted law passed by a legislative body (e.g., Congress). It includes bills (proposed laws) and statutes (laws that have been passed and signed into effect).

Who It Impacts: Everyone within the jurisdiction of the law. Legislation passed by Congress and signed into law applies to individuals, businesses, federal and state agencies, and sometimes even foreign entities if the law has international implications.

Who Is Not Impacted: Those outside the scope of the law. For example, a law regulating U.S. healthcare providers does not impact people in other countries. Some laws may also include exemptions for certain groups (e.g., small businesses, religious organizations).

Date Enacted
November 4, 2025
Last Updated
December 16, 2025
Policy Type
Public Health
Research and Data

Summary

Summary (50 Words or fewer): This bill would expand federal privacy protections for health-related data beyond current HIPAA coverage to include consumer health technologies (wearables, apps, trackers) and other non-HIPAA systems, requiring disclosure of data use and informed consent before collection, use, or sharing of sensitive health information.

Impact Analysis

By modernizing health privacy law, this bill addresses gaps left by HIPAA that leave health data from apps, wearables, and consumer platforms unprotected. Protecting this data can help reduce discrimination and unauthorized commercial exploitation, issues that disproportionately affect vulnerable groups such as those with low digital literacy. Strengthened privacy may improve trust and encourage equitable access to digital health tools.

Status

Take Institutional Action

Review internal practices for collecting, storing, and sharing digital health data (including data from patient portals and integrated devices) to prepare for potential expanded federal standards. Strengthen consent processes so individuals clearly understand how their health data (including digital and wearable data) may be used and shared.

Implement administrative, technical, and physical safeguards aligned with anticipated federal privacy standards, especially for entities handling cross-platform health data. Consider informing patients about their privacy rights and how digital health tools interact with federal privacy protections.

Associated or Derivative Policies

Builds on the Health Insurance Portability and Accountability Act (HIPAA) of 1996, which currently protects only certain health data, and seeks to extend similar protections to non-HIPAA health information.

Policy Prior to 2025

Before this bill, HIPAA and the HITECH Act provided strong protections for health data handled by “covered entities” (providers, insurers) and their business associates, but health information outside these settings, including data from fitness apps, wearables, and direct-to-consumer health platforms, often lacked robust federal protections.

Additional Resources

National Library of Medicine, Principles for Health Information Collection, Sharing and Use: https://pmc.ncbi.nlm.nih.gov/articles/PMC10912036/

CDC: Data Sharing and Collection Principles and Standards: https://www.cdc.gov/program-collaboration-service-integration/php/data-security/principles.html
