State Health IT Privacy and Consent Laws and Policies


The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule and 42 Code of Federal Regulations (CFR) Part 2 provide a baseline for the privacy of health information. However, state health information privacy and consent laws and policies vary widely across the U.S. and impose additional requirements. This variation can make it harder for patients to understand what the state laws do and what their consent choices are. Differences can also make it harder for providers to electronically share patients’ information and consent choices across state lines.

In Connecting Health and Care for the Nation: A Shared Nationwide Interoperability Road Map [PDF – 2.7 MB], ONC committed to helping ease confusion around multiple and diverse laws. As part of this pledge, ONC has worked with many partners to develop resources for state policymakers and others who want to navigate the complex privacy and consent legal landscape.





The information here is not intended to serve as legal advice, nor should it substitute for legal counsel. The information presented is not exhaustive, and readers are encouraged to seek additional guidance to supplement the information contained herein.