Regulatory Disruption and Arbitrage in Health-Care Data Protection.

Abstract

This article explains how the structure of U.S. health-care data protection (specifically its sectoral and downstream properties) has led to a chronically uneven policy environment for different types of health-care data. It examines claims for health-care data protection exceptionalism and competing demands such as data liquidity. In conclusion, the article takes the position that healthcare- data exceptionalism remains a valid imperative and that even current concerns about data liquidity can be accommodated in an exceptional protective model. However, re-calibrating our protection of health-care data residing outside of the traditional health-care domain is challenging, currently even politically impossible. Notwithstanding, a hybrid model is envisioned with downstream HIPAA model remaining the dominant force within the health-care domain, but being supplemented by targeted upstream and point-of-use protections applying to health-care data in disrupted spaces.