LUGPA Policy Update: Health Information Privacy Reform Act Introduced in Senate
November 2025
Senator Bill Cassidy (R-LA) has introduced the Health Information Privacy Reform Act, a proposal to modernize federal health data privacy laws and expand HIPAA-like protections to a broader range of entities that handle health-related information. The bill, referred to the Senate Committee on Health, Education, Labor, and Pensions (HELP), aligns with the committee’s and Sen. Cassidy’s ongoing efforts to strengthen patient privacy and ensure federal rules keep pace with emerging health technologies.
While HIPAA and the HITECH Act safeguard protected health information (PHI) managed by healthcare providers and plans, these laws do not cover the vast amount of health-related data generated outside traditional healthcare settings, such as through mobile health apps, wearable devices, or direct-to-consumer genetic testing services.
Sen. Cassidy’s proposal seeks to close these gaps by creating a new category of “regulated entities,” which covers technology companies, data processors, and other organizations handling “applicable health information” (AHI), and by holding them to privacy, security, and breach notification standards similar to those that apply to HIPAA-covered entities.
Key Provisions
- Expanded Protections: Extends HIPAA-like safeguards to non-traditional entities managing health-related data outside the healthcare system.
- Patient Rights: Strengthens patients’ control over how their information is used, requiring consent for data sharing and sales.
- AI and Data Standards: Directs HHS to develop guidance for applying the “minimum necessary” standard to artificial intelligence and machine learning systems.
- De-Identification Rules: Establishes clear standards and prohibitions on re-identification of data, promoting stronger privacy protections.
- Research Oversight: Commissions a National Academies study on ethical and privacy considerations in compensating patients for sharing identifiable data for research.
- Federal Preemption: Establishes federal authority over health data privacy to ensure consistent national standards.
Why It Matters for LUGPA Members
For independent urology practices, the proposed legislation would not directly alter HIPAA obligations but could impact the broader digital health ecosystem, particularly among vendors, analytics tools, and patient engagement platforms.
- Positive Impacts:
  - May increase patient trust in technology-enabled care by closing long-standing privacy gaps.
  - Could simplify compliance by harmonizing federal standards and reducing state-by-state variation.
- Potential Challenges:
  - Broader privacy requirements may raise costs or slow adoption of third-party tools used in independent practices.
  - Ambiguities in definitions of “health-related data” and “regulated entities” could complicate compliance for smaller technology partners.
Outlook
The bill reflects bipartisan interest in updating privacy laws to reflect today’s digital healthcare environment. Hearings are expected in early 2026, though its path forward will depend on stakeholder feedback and balancing privacy protections with innovation.
LUGPA’s Position
LUGPA supports modernized privacy standards that protect patients while ensuring innovation and interoperability in healthcare. LUGPA will continue to monitor the bill’s progress and advocate for reforms that promote data security without imposing unnecessary administrative burdens on independent physician practices.