Creates a comprehensive federal framework to strengthen privacy, security, de‑identification, consent, and breach rules for health-related data. It directs HHS (working with the FTC) to write enforceable rules that build on HIPAA/HITECH, requires clearer notice and consent when data leaves HIPAA protections (including prohibiting sales without consent and offering opt-outs for digital wellness data), sets national standards for when data is “de‑identified,” commissions a National Academies study on paying people for identifiable health data, and issues guidance for AI uses of health data.