Patient Health Data

Artificial intelligence (AI) continues to dominate headlines—not just for its technological leaps, but also for the policies shaping its future. In a major development, a new Republican-backed tax bill, released by the House Energy and Commerce Committee on May 11, 2025, seeks to preempt states from regulating AI models for the next decade. If passed, this bill would prevent state laws governing AI systems, allowing only limited exceptions for measures that simply facilitate or streamline AI development and deployment. Laws attempting to regulate artificial intelligence models, artificial intelligence systems, or automated decisions systems would be disallowed during the 10 year period.

This proposed federal approach aligns with the current administration’s emphasis on AI innovation over regulation, reflecting a belief that a unified, national policy will spur American competitiveness in this rapidly evolving field.

On December 27, 2024, the U.S. Department of Health and Human Services (HHS), through its Office for Civil Rights (OCR), issued proposed changes to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule (the Proposed Rule) to strengthen the cybersecurity protections that HIPAA-regulated entities are required to maintain for electronic protected health information (ePHI).

On February 8, 2024, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) finalized long-awaited modifications to the Confidentiality of Substance Use Disorder (SUD) Patient Records regulations at 42 C.F.R. Part 2, which requires individuals or entities that receive federal funding and provide SUD treatment to implement additional privacy protections and obtain specific consent before using and disclosing SUD treatment records (see 42 C.F.R. § 2.11).

Two new federal rules will make it easier for consumers to access, use and transmit their personal healthcare information using an app on their smartphone or tablet.  The regulations implement prior legislation and advance the current Administration’s intent to empower patients to be better consumers and transform the healthcare industry.

The two final rules were released on March 9 by the Department of Health and Human Services (DHHS):  from the Office of the National Coordinator for Health Information Technology (ONC), the 21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program final rule; and, from the Centers for Medicare and Medicaid Services (CMS), the final rule on Interoperability and Patient Access.