On July 19, 2016, the ONC submitted a report to Congress which suggests that health privacy regulations soon may be revised to catch up with the universe of mHealth technologies that now use and share personal health data. The report, titled Examining Oversight of the Privacy and Security of Health Data Collected by Entities (the “Report”), was drafted by the ONC in collaboration with the Office for Civil Rights (“OCR”) and US Federal Trade Commission (“FTC”). The Report summarizes the regulatory construct currently protecting the privacy of personal health information held by covered entities (and their business associates) and outlines the agencies’ concerns regarding the lack of similar regulatory oversight over health data usage by mHealth technology developers and other businesses falling outside the scope of HIPAA (each, referred to as a “Non-Covered Entity” or “NCE”).