United States of America: Health Information Privacy Reform Act was introduced to Senate

On 4 November 2025, the Health Information Privacy Reform Act (SB 3097) was introduced to the Senate. The Act applies to private entities and service providers processing health data outside the Health Insurance Portability and Accountability Act's (HIPAA) scope, including wellness and digital health platforms. It directs the Health and Human Services Secretary, in consultation with the Federal Trade Commission, to set national privacy, security, and breach notification standards aligned with HIPAA and the Health Information Technology for Economic and Clinical Health Act. The Act adds rights to access, delete, and port data, requires plain-language notices when information leaves HIPAA protection, and mandates consent before data sales. The Act also orders standards for de-identification, guidance for Artificial Intelligence-related data use, and a study on paying patients for research data.