Christine Moundas: I’m Christine Moundas, a partner in Ropes & Gray’s New York office. I sit in the health care group, participate in the data practice, and co-lead Ropes & Gray’s digital health initiative. I advise healthcare, life sciences, and digital health companies on digital health and AI collaborations and regulation, data privacy, security, and incident response, as well as healthcare regulatory issues more broadly.
If you are interested in cutting-edge digital health and health data issues impacting the healthcare and life sciences industries, here are three trends to watch in 2026.
We’re seeing a few new major trends in digital health and health data issues. First and foremost, new U.S. state consumer privacy laws are either online or coming online in half of the states in the U.S. They are requiring new data compliance programs and processes to be stood up at rapid speed. This includes implementing new data security audits, data impact assessments, and processes for honoring consumer rights. Companies across the country need to better understand how these laws impact them and invest in durable compliance strategies to address these new requirements.
In addition, we are seeing many states take a lead in trying to regulate AI in the healthcare space. There is currently a patchwork of laws that seek to regulate AI developers, health IT and electronic health record vendors, healthcare providers, and payors. Companies need to take this into account when piloting or implementing new AI initiatives or going to market with proposed AI solutions. This is in addition to already robust regulation we have seen at the federal level from the FDA and the Office of the National Coordinator for Health IT, which continues to evolve.
Finally, we continue to see intense security around data privacy and security incidents. Whether it be state attorney general inquiries or class action litigation, healthcare and life sciences companies need to prioritize appropriate data safeguards to avoid these incidents, as they can result in costly enforcement actions or litigation. We’re also seeing new federal and state expectations around health data security that need to be address head-on through proactive data security programs, data security risk assessments, and the implementation of robust controls.
Bottom line—in 2026, offense is the best defense around these issues. Companies that prioritize proactive and well-structured digital health and health data initiatives and programs have the best chance of staying ahead of the curve.
If you need practical advice on how best to help your organization navigate these novel areas of law, our team is here to help.
