The National Academy of Medicine has long advocated for a "learning healthcare system" that produces constantly updated reference data during the care process. Moving toward a rapid learning system to solve intractable problems in health demands a balance between protecting patients and making data available to improve health and health care. Public concerns in the U.S. about privacy and the potential for unethical or harmful uses of this data, if not proactively addressed, could upset this balance. New federal laws prioritize sharing health data, including with patient digital tools. U.S. health privacy laws do not cover data collected by many consumer digital technologies and have not been updated to address concerns about the entry of large technology companies into health care. Further, there is increasing recognition that many classes of data not traditionally considered to be healthcare-related, for example consumer credit histories, are indeed predictive of health status and outcomes. We propose a multi-pronged approach to protecting health-relevant data while promoting and supporting beneficial uses and disclosures to improve health and health care for individuals and populations. Such protections should apply to entities collecting health-relevant data regardless of whether they are covered by federal health privacy laws. We focus largely on privacy but also address protections against harms as a critical component of a comprehensive approach to governing health-relevant data. U.S. policymakers and regulators should consider these recommendations in crafting privacy bills and rules. However, our recommendations also can inform best practices even in the absence of new federal requirements.