The Future of Health Data Privacy Is Here—With or Without HIPRA
By on

Health data privacy is entering a new era—and the warning signs are already here. While the Health Information Privacy Reform Act (HIPRA) proposed by Senator Bill Cassidy may not make its way through Congress, its message to digital health companies and HIPAA-covered entities is unmistakable: the regulatory gap around consumer health data is closing fast.

For years, many digital health tools, wellness apps, wearables, and data-driven health platforms have operated outside the scope of HIPAA, relying instead on broader consumer privacy frameworks. That approach is becoming increasingly risky. A growing wave of state health privacy laws such as Washington and Nevada, combined with proposals like HIPRA and New York’s Health Information Privacy Act, signals a shift toward treating consumer health data with the same rigor long reserved for “HIPAA-covered” information.

In this recent article, we explore why HIPRA should be viewed less as a question of if it will pass and more as a preview of where health-data regulation is headed—and what organizations should be doing now to stay ahead of enforcement risk, partner expectations, and consumer trust in their use of health data in the AI-era.

Share +

KMK Law articles and blog posts are intended to bring attention to developments in the law and are not intended as legal advice for any particular client or any particular situation. The laws/regulations and interpretations thereof are evolving and subject to change. Although we will attempt to update articles/blog posts for material changes, the article/post may not reflect changes in laws/regulations or guidance issued after the date the article/post was published. Please consult with counsel of your choice regarding any specific questions you may have.

ADVERTISING MATERIAL.

© 2025 Keating Muething & Klekamp PLL. All Rights Reserved

Subscribe

Jump to Page
Close