Potential Data Privacy Regulatory Hurdles Facing Telehealth (2025)

Pending new health information privacy legislation in New York state, if signed into law, would make the use of patient data by telehealth and remote patient monitoring companies for certain activities much more difficult, said Aaron Maguregui, a partner at law firm Foley and Lardner.

The legislation, which awaits New York Governor Kathy Hochul's signature, adds tough restrictions on the how health information can be processed and sold by an array of organizations that are not currently subject to other regulations, including HIPAA.

"Entities that are even broader than the digital health ecosystem will be brought into the requirements to comply with this law," said Maguregui, who is co-chair of a data privacy committee of the American Telemedicine Association.

"Companies that don't necessarily see themselves as healthcare companies all of a sudden will be forced to segregate and keep information separately because of the requirements to comply with New York Health Information Privacy Act," he said

"In the telehealth industry specifically, there's a foundational aspect of creating patient engagement," he said. But provisions contained in the proposed New York State law - including requirements for regulated organizations to obtain consumer authorization for a variety of specific types of data processing - potentially "chill" that patient engagement, he argued.

"One of the big concerns that I think stretches across the telehealth industry as a whole is that the use and processing of regulated health information to either do research or development or improve a platform is significantly hampered by this law," he said.

That is because consumers would have to provide affirmative consent or authorization for all the different ways their data is used or processed by telehealth and remote monitoring entities, he said.

In this audio interview with Information Security Media Group (see audio link below photo), Maguregui also discussed:

• Other privacy and security regulatory considerations involving telehealth and remote patient monitoring;
• AI-related issues involving telehealth;
• Advancements in telehealth and remote patient monitoring.

In addition to his role as a partner at Foley and Lardner, Maguregui is also co-chair of the American Telemedicine Association's Health Data Work Group’s Privacy Committee, where he led the creation of the ATA’s Health Data Privacy Principles, which ensure telehealth practices meet standards for patient safety, data privacy and information security.