Data Domains: Privacy is good for your Health
Health is one of the most personal aspects of our lives, and the data associated with it is among the most sensitive we can generate. That’s precisely what makes this vertical so fascinating (and so challenging). In this post, part of our Data Domains series, we’re exploring what makes healthcare privacy uniquely complex, from emotional dynamics to regulatory blind spots.
More than sensitive
At its core, health data is tied to the most personal and emotional life events: births, diagnoses, miscarriages, surgeries, mental health struggles, or fertility journeys. When a patient shares this data, they aren’t just checking a box. They’re making themselves vulnerable, and expecting that vulnerability to be respected.
That puts enormous pressure on healthcare providers, apps, insurers, and platforms to be not only compliant but deeply thoughtful. A report by McKinsey found that 60% of Americans already do not trust their healthcare providers with their personal data. A single misstep can shatter trust in a way that no loyalty program could ever rebuild. From a legal perspective, the risk is also higher than usual.
When privacy fails: Two cautionary cases
Speaking of legal issues, in June 2025, the UK’s ICO fined DNA service 23andMe £2.3 million for failing to prevent a security attack that exposed sensitive data of over 150,000 users. The information included genetic ancestry information and details about users’ relatives. Since then, 23andMe has filed for bankruptcy protection and is reportedly overwhelmed with data deletion requests, struggling to fulfill them.
Just a month later, women’s health tracker Flo Health agreed to settle a US class-action lawsuit over unauthorized sharing of health-related data with third parties like Meta. While Flo did not admit any wrongdoing, the incident is a solid example of the growing scrutiny around health and wellness apps.
A maze of regulations
There are multiple frameworks for health data, and each adds its own complexity. In the US, HIPAA governs data from covered entities like hospitals and insurers. In the UK, the NHS Transformation Directorate and UK GDPR shape how public and private health data is handled. For example, under NHS guidelines, any sharing of patient data beyond direct care requires explicit, purpose-specific consent.
Global health companies must navigate varying interpretations of what “consent” and “protection” mean, all while keeping patient care uninterrupted.
Fragmented systems lead to disconnected responsibilities
Patient data doesn’t stay in one place. It flows across doctors, hospitals, labs, insurers, pharmacies, telehealth services, fitness apps, and AI-based platforms. Each entity may be using its own systems, data formats, and privacy frameworks. This makes it incredibly difficult to track where the data is stored, who has access to it, and what it’s being used for.
Sounds complex? It is. But the good news is that Mine helps healthcare organizations identify all data flows and visualize who’s accessing what, even across fragmented ecosystems.
Proxy access dilemmas
Because health issues impact our ability to manage certain situations, parents, caregivers, or legal guardians often access or manage someone else’s health data. That raises questions such as: When does a teen gain full privacy rights? Can a caregiver view mental health records at any time?
Handling proxy access while respecting individual rights requires smart controls, layered permissions, and clear policies.
When apps guess your health issues without telling you
Many modern health technologies can infer health states from behavioral signals. For example, an app might detect depression based on screen usage and sleep patterns.
These inferences aren’t always disclosed, and they often fall outside of current privacy laws. Yet they’re used to shape everything from content recommendations to ads. The lack of transparency and regulation around inferred health data makes this one of the most quietly dangerous trends in the space.
Striking a balance between accessibility and protection
Health data should be accessible to patients, doctors, and the systems that support care. But every access point is a potential vulnerability. Organizations are expected to retain data for legal or medical continuity, while also honoring rights to deletion, portability, and minimal use. Balancing these competing priorities is a challenging task, and utilizing new technology tools can also be risky. A Harvard Business Review survey found that 70% of healthcare executives consider privacy and security risks the most significant barrier to embracing new opportunities for innovation.
As healthcare continues to evolve, privacy will only grow more critical. Whether you're managing a hospital system, building a wellness app, or integrating third-party health data, the margin for error is small and the consequences are personal.
At Mine, we help organizations of all kinds take control of this complexity. From mapping sensitive data across fragmented ecosystems to automating consent and deletion workflows, our platform makes it easier to respect privacy, meet regulations, and preserve trust.