A Roadmap Out of Health Law’s Privacy Fallacy for the AI Age
Abstract
This text applies Cofone’s critique to the field of health privacy, arguing that legacy frameworks such as HIPAA are ill‑equipped to address the complexities of the AI‑driven health data ecosystem. Drawing from The Privacy Fallacy, it highlights how modern health data flows—spanning search engines, mobile apps, data brokers, and generative AI tools—operate far beyond the scope of traditional healthcare regulation.
The contribution shows how the assumptions underpinning HIPAA fail in a world where health‑related inferences can be drawn from online behavior, metadata, and cross‑platform aggregation. It critiques overreliance on deidentification, noting that contemporary inference techniques render such protections fragile. Echoing Cofone’s call to shift from procedural compliance to harm‑based accountability, the text argues that health privacy must be reframed around trust, power asymmetries, and the real-world consequences of data practices. It proposes that meaningful reform requires aligning health privacy law with the systemic, relational, and often opaque dynamics of the modern information economy.
English
Keywords
Deidentification fallacy – Generative AI – Health privacy – HIPAA limitations – Medical data exploitation – Privacy harm in healthcare – Trust and fiduciary duties