Event Recap: Securing Consumer Health Data: Balancing Privacy, Access, and Innovation

by CareFirst | May 23, 2025 | Advocacy & Public Policy

CareFirst BlueCross BlueShield (CareFirst) recently hosted a virtual panel discussion titled, "Securing Consumer Health Data: Balancing Privacy, Access, and Innovation." Colette Chichester, Vice President of Government Affairs at CareFirst, kicked off the event; and Rob Suárez, CareFirst’s Vice President and Chief Information Security Officer, moderated the discussion. The panel featured leading experts in data privacy, health IT, cybersecurity, and interoperability:

  • Samantha Burch, Vice President of Technology Public Policy, AHIP
  • Lisa Gallagher, National Cybersecurity Advisor, The College of Healthcare Information Management Executives
  • Tina Grande, President and CEO, Healthcare Trust Institute

Today, consumers have more access to their health data today than ever before, whether through mobile health apps or fitness trackers. Nearly 60% of Americans use an online platform or portal to access their medical records. These interactions with the healthcare system and emerging technologies generate vast amounts of data, leading to meaningful benefits like early detection of conditions like cancer, dementia or heart disease.

However, as digital health tools become more integrated into everyday life, concerns over data security continue to rise. In 2024, the healthcare sector experienced a record-breaking surge of cyberattacks, with more than 350 major data breaches impacting millions of individuals. With data breaches growing in frequency and severity, an overwhelming majority of Americans worry about the safety and privacy of their personal health data online. This raises a critical question: How can we protect sensitive health data while ensuring consumers can seamlessly access their information to make informed decisions about their healthcare?

Throughout the webinar, panelists addressed this question and several other important topics, including:

  • Public-Private Partnerships: Lisa Gallagher highlighted the importance of public-private partnerships in protecting critical infrastructure and fostering information sharing. She emphasized that the private sector should lead efforts with the government to establish best practices and standards; and support the development of a federal cybersecurity law that addresses the rapidly advancing cyber threats both domestically and abroad.
  • A Framework that Extends HIPAA Requirements: Samantha Burch discussed the need for policymakers to close regulatory gaps by developing a framework that evolves with modern technological advancements. She pointed out that many third-party vendors, including mobile health apps, fitness trackers and AI health platforms, fall outside of HIPAA’s scope even though they collect and process sensitive health data.
  • Campaigns that Educate Consumers and Build Trust: Tina Grande stressed the importance of creating comprehensive campaigns that educate consumers on how to evaluate the safety of apps and technologies. She noted that consumers often face privacy fatigue due to lengthy disclosures and documents when accessing digital products.

CareFirst is committed to prioritizing cybersecurity to ensure the confidentiality and integrity of data, allowing our members to focus on their top priority: access to affordable, equitable, high-quality healthcare. The examples, strategies and lessons shared during this event highlight the opportunities and challenges ahead for this critical work.

If you missed the event, you can watch the embedded recording above and learn more about how to navigate the evolving cybersecurity threat landscape, while also empowering consumers.