Emerging “direct-to-consumer” health products and devices are not addressed by current HIPAA legislation. Healthcare providers should feel comfortable to encourage the use of novel patient-centered technology as it would be highly favorable to improve public health. Unfortunately, gaps and overlaps in the U.S. data privacy laws and regulations have opened a new avenue for third-party entities to obtain sensitive private health information from non-covered health oriented technologies and use it inappropriately for employment decisions or even health, life and other insurance premium purposes. As cogently illustrated in a 2019 article in The New York Times: “The current protocols for exchanging patients’ data, for instance, would let people use consumer apps to get different types of information, like their prescription drug history. But it is an all-or-nothing choice. People who authorized an app to collect their medication lists would not be able to stop it from retrieving specific data-like the names of H.I.V. or cancer drugs-they might prefer to keep private.”  In fact, unauthorized access to sensitive health data by hackers could lead to fraudulent filings of tax returns, fraudulently filing of healthcare claims to insurance companies; or the receipt of other types of benefits such as acquiring free drug prescriptions.

Please see the article for references.