Understanding Health Data Beyond HIPAA: The Hidden Regulatory Landscape
- Katarzyna Celińska
- 1 hour ago
- 1 min read
Many still believe that all health-related information in the U.S. is governed by HIPAA — but the truth is very different.
Today, most health data processed by businesses, platforms, AI systems, employers, and data brokers does not fall under HIPAA and is instead regulated by a complex patchwork of state privacy laws.
Photo: https://pl.freepik.com/
In the full article, I break down:
• which types of health data are not covered by HIPAA,
• how U.S. states are introducing HIPAA-style protections for consumer health data,
• the growing obligations around AI-generated health inferences,
• employer and wellness-program data responsibilities,
• and why mapping data flows is the only way to correctly identify regulatory obligations.
Based on my experience delivering medical-data projects in the U.S., I explain why organizations must now shift from narrow “HIPAA compliance” to comprehensive health-data governance across all systems and data categories.
Author: Sebastian Burgemejster
Comments