Health Data and National Security

A growing number of healthcare data leaks put our national security at risk. Sensitive health information in American healthcare centers cascades into unknowable hands, even unfriendly hands. 

Lawmakers passed the Health Insurance Portability and Accountability Act (HIPAA) and related laws to safeguard patients’ electronic Protected Health Information (ePHI), but it is clearly not enough. The vulnerability of health data security poses a national security threat as massive amounts of American health data land in centralized databases, which  are strategically targeted by bad actors including foreign nations.

When foreign nations access weakly protected American health record data, it gives them greater power over America. As patients visit with their healthcare providers, the most intimate data on a person may be shared and recorded for healthcare purposes. When foreign nations have access to such data, it means they have more power to identify, intrude upon, intimidate, manipulate, or generally influence both individual Americans and American affairs generally using information pulled from aggregate health data. Foreign interests using bribery can be seen in the case of China’s influence upon Linda Sun, the former deputy chief of staff to New York Governor Kathy Hochul, which came to light in 2024. 

Current laws do not require healthcare centers to have an individual’s consent to pass the patient’s data beyond the walls of facility. Data collected by hospitals and clinics duplicate from one organization’s database to the next, and the level of security descends from HIPAA Covered Entities, to Business Associates, to Business Associates of Business Associates, vendors, sub-vendors, subcontractors and other third parties. Duplication of data to each entity multiplies the security risk, exponentially. 

Whereas the security of our health data so affects national security, the need is clear for the financial support and development of innovative American minds to create the next generations of private, secure, healthcare record data systems.