John Thune actually said...
To the extent not already provided under HIPAA, privacy rules should apply to all individuals and organizations that create, compile, store, transmit, or use personal health information.
Context
Thune emphasizes the need for privacy rules similar to HIPAA for broader health information.
10/09/2018