Examining Oversight of the Privacy and Security of Health Data Collected by Entities Not Regulated by HIPAA

This report by the Office of the National Coordinator for Health Information Technology discusses the lack of clear guidance around consumer access to, and privacy and security of, health information collected, shared, and used by entities that are not currently covered by HIPAA. Examples of such technologies include fitness trackers and other types of health information technology, which did not exist when HIPAA was enacted in 1996.