22 January 2026

EPIC Report Exposes Health Data Privacy Crisis

A new report warns that weak privacy laws and unregulated digital technologies are undermining health equity and pushing patients away from care.

On January 21, 2026, the Electronic Privacy Information Center (EPIC) released a major report titled Beyond HIPAA: Reimagining How Privacy Laws Apply to Health Data to Maximize Equity in the Digital Age, spotlighting an escalating health data privacy crisis in the United States. The report, as detailed by EPIC, pulls back the curtain on the mounting dangers posed by unregulated digital technologies, inadequate privacy laws, the criminalization of healthcare, and shifting federal policies that disproportionately impact marginalized communities.

According to EPIC, the current digital landscape is rife with commercial surveillance. Big Tech companies, described as architects of this surveillance apparatus, systematically extract sensitive health data from individuals. This information, once collected, is used to profile people, reveal their health conditions, manipulate their behavior, and even drive up the cost of care through targeted advertising and data sales to insurance providers. The report warns that these practices erode trust in the health system, pushing people away from seeking care and ultimately worsening health outcomes. As Sara Geoghegan, EPIC Senior Counsel, emphasized, "We face a health privacy crisis where care is inaccessible due to criminalization, costs, stigma, and the rise of government intrusion into medical care which forces people to delay or retreat from care, worsening their health."

The timing of the report is no coincidence. The health privacy crisis, as outlined by EPIC, has deepened under what they describe as a "collusive alliance" between Big Tech and the current administration. The report criticizes a series of federal actions: slashing Medicare, deregulating health technologies, dismantling internal privacy safeguards, deploying ICE agents to hospitals, and encouraging the use of short-term insurance plans that lack the protections of traditional coverage. According to the report, these measures make privacy protections for health data—which often falls outside of HIPAA's reach—more important than ever.

EPIC’s analysis highlights the unique vulnerability of marginalized communities. These groups, already grappling with criminalization and stigma, often lack the resources to address the harms caused by commercial surveillance. The report makes clear that the health privacy crisis is not distributed equally; those with the least power and protection bear the brunt of the consequences. As Geoghegan put it, "When our health data is harvested, sold, and used in harmful ways—like for targeted ads or to set our insurance rates—people’s trust in our health system breaks down even further."

The landscape of health data privacy is further complicated by rampant breaches of health information. EPIC’s report details how these breaches, coupled with the lack of regulation for artificial intelligence tools used in health contexts, have left consumers exposed. Many people now turn to apps, chatbots, and websites for medical advice, yet these technologies often operate in regulatory gray zones. The report also raises alarms about the unique risks faced by minors, who are especially vulnerable to the harms of unregulated digital health technologies.

EPIC’s recommendations are direct and ambitious. The centerpiece is a call for a robust data minimization standard—essentially, collecting and retaining only the health data that is strictly necessary. This, the report argues, is the most effective way to build a future that is both privacy-protective and healthier for all. Geoghegan didn’t mince words: "We cannot trust tech billionaires that peddle their unregulated technologies, profile us based on our health conditions, and use the federal government to demand more data about us to help us access quality health care. We can build a safer, freer, more privacy-protective future in which the wellbeing of all people is prioritized over the interests of a few powerful companies."

To further the conversation, EPIC hosted a panel discussion on January 21, 2026, at 2 p.m. EST, titled Beyond HIPAA: Reimagining How Privacy Laws Apply to Health Data to Maximize Equity in the Digital Age. The event brought together privacy experts, legal scholars, and advocates to discuss how the absence of robust privacy protections leads to worse health outcomes and deepens inequities across the healthcare system.

Meanwhile, on the same day, MageeNews.com published an article highlighting practical steps being taken at the local level to bolster health data privacy. The piece described advanced privacy features offered by Epic for SCRMC (South Central Regional Medical Center) and its partners, focusing on protections for adolescent visits, reproductive health counseling, domestic violence screening, and substance-use discussions. These measures are designed to ensure that sensitive health information remains confidential, especially for vulnerable populations such as teenagers and individuals seeking reproductive or mental health services.

According to MageeNews.com, Epic’s features allow patients and their families to review and manage proxy access to medical records through the MyChart platform. This means parents, caregivers, and partners can be granted or restricted access as appropriate, giving patients more control over their information. The system also enables users to control notifications and communication preferences, further enhancing privacy protections.

The article underscores the importance of compliance with existing laws, including HIPAA, Substance Use Confidentiality Regulations, and state-specific privacy statutes that protect reproductive and mental health records. MageeNews.com offers practical advice to patients and families: use strong passwords, enable two-factor authentication, and ask care teams how sensitive information will be documented. These simple steps can make a significant difference in safeguarding personal health data from unauthorized access or misuse.

The juxtaposition of EPIC’s sweeping critique and the local-level efforts described by MageeNews.com paints a complex picture. On one hand, there is a call for systemic reform—rethinking federal policy, regulating Big Tech, and enacting stricter data minimization standards. On the other, there are tangible, everyday actions that individuals and healthcare providers can take to protect privacy within the current system. Both perspectives agree on one thing: the stakes are high, and the consequences of inaction are profound.

EPIC’s report and the MageeNews.com article together highlight a fundamental truth: trust is the cornerstone of effective healthcare. Without privacy, trust withers, and when trust is gone, people are less likely to seek care, disclose vital information, or follow medical advice. The health privacy crisis is not just a technical or legal issue—it is a matter of public health and social equity. As the digital age continues to reshape the landscape of healthcare, the need for robust, enforceable privacy protections has never been more urgent.

As policymakers, healthcare providers, and technology companies grapple with these challenges, the voices of advocates, patients, and local communities will play a crucial role in shaping the future of health data privacy. The path forward may be complex, but the message from both national watchdogs and local institutions is clear: privacy is not a luxury—it is a necessity for health, equity, and trust.