Last month, the Office of the National Coordinator for Health Information Technology (“ONC”) sent a report to Congress highlighting the absence of adequate privacy and security safeguards for health data collected by entities not regulated by HIPAA. For a discussion regarding the next steps to address these privacy and security gaps, please see our recent