Last Update: 04/05/2026 at 2:50 PM EST
Federal Rules Open Health Data
Coverage from Bipartisan Policy Center, Fierce Healthcare, and others
- Articles: 3
- Latest Article: 09/21
- Active Days: 560
Executive Summary
New HHS rules expand patient access to health records through apps and APIs, but shift sensitive data outside HIPAA and raise privacy risks
- HHS waived parts of HIPAA during COVID-19 to allow more health data sharing for public health and care
- ONC and CMS rules require APIs so patients can export records and insurance data to chosen apps
- Hospitals, EHR vendors, and plans must support patient-authorized data export and cross-system transfers
- Information blocking is banned, with exceptions, and penalties for blockers are expected later
- Third-party apps receiving data directly from patients are generally outside HIPAA protections
- FTC oversight of apps is limited and often depends on company privacy statements and enforcement after misuse
- Lawmakers and stakeholders called for new federal legislation to close gaps in health data privacy
Quick Facts
- What: Rules expand patient health data sharing through APIs
- Where: United States healthcare and consumer app ecosystem
- Why: To improve patient access while privacy gaps remain
- Who: HHS, ONC, CMS, providers, EHR vendors, app makers
- When: During the COVID-19 emergency and after final rulemaking

