Data Privacy Laws

Understanding privacy regulations across the United States and around the world

Privacy Regulatory Library

Enterprise compliance requires understanding the full regulatory landscape. I have compiled comprehensive information about privacy laws in the United States and internationally to support your compliance audits and due diligence. View Regulatory Hubs for implementation guides and criteria checklists.

Last updated: March 21, 2026

US State & International Privacy Laws By Region

United States Laws

Comprehensive coverage of state-level privacy laws including CCPA, MHMDA, and emerging legislation across all 50 states.

20+ States with enacted laws
20+ States with pending legislation
View State Laws Guide

International & European Laws

Global privacy regulations including GDPR, PIPEDA, LGPD, and comprehensive frameworks from over 144 countries worldwide.

144+ Countries with data laws
6 Major global frameworks
View International Laws

Regulatory Hubs

Evidence-based implementation guides and criteria checklists for key mandates.

Regulatory & Privacy Standards

Federal compliance and technical implementation guidance for health-tech and payers.

ONC FINAL RULE USCDI v3 US CORE 6.1.0

HTI-1 Algorithm Transparency

The Health Data, Technology, and Interoperability (HTI-1) rule mandates that all certified Health IT must provide transparency for "Decision Support Interventions" (DSI) by March 1, 2026 (per ONC enforcement discretion). View ONC certification deadlines.

Key Requirements:

  • (b)(11) Decision Support: Disclosure of source attributes for algorithms.
  • USCDI v3 Migration: Mandatory support for new data classes including SDOH and Provenance.
  • Predictive AI: Specialized transparency for AI-driven clinical tools.

Consultant Implementation

I perform technical audits to ensure your predictive models meet transparency mandates without compromising intellectual property.

  • Clinical Logic Validation: Auditing Sepsis/MEWS triggers for data parity.
  • Mapping USCDI v3: Ensuring "Social Determinants" are technically mapped to FHIR profiles.
  • Algorithm Traceability: Documenting training data provenance for federal review.

45 CFR PART 160 SAFE HARBOR MINIMUM NECESSARY

HIPAA Technical Safeguards

Beyond the paperwork, HIPAA compliance requires rigorous technical controls for Protected Health Information (PHI) in cloud environments.

Key Focus Areas:

  • Technical Access Control: Identity management for AWS/Azure environments.
  • Audit Controls: Recording every instance of PHI access in Databricks/SQL.
  • Transmission Security: Enforcing TLS 1.3 for all FHIR endpoints.

Consultant Implementation

I architect the Technical Safeguards that prevent data breaches in non-production environments.

  • Test Data De-ID: Automated scrubbing of 18 identifiers (Safe Harbor).
  • Lower Env Hydration: Safe daily refreshes of Microsoft CRM with non-PHI data.
  • BAA Technical Scoping: Defining the technical boundaries of "In-Scope" systems.
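The "Test Data De-ID" item above refers to HIPAA's Safe Harbor method, under which a record is considered de-identified once the 18 listed identifier categories are removed or generalized. The following Python is an added illustration, not the consultant's own tooling: it applies a subset of the Safe Harbor rules (dropping direct identifiers, keeping only the year of dates, truncating ZIP codes to three digits, aggregating ages over 89 into a "90+" bucket, and scrubbing phone, email, SSN and IP patterns from free-text notes) to a constructed patient record, then runs a residual-identifier check of the kind a lower-environment refresh should gate on. The field names, the sample record and the `RESTRICTED_ZIP3` set are assumptions made for the example; a real deployment derives the restricted ZIP prefixes from census population data.

```python
"""Safe Harbor style de-identification of a constructed patient record.

Added example, not the consultant's tooling. It covers a subset of the
18 HIPAA Safe Harbor identifier categories; field names and the
restricted ZIP prefix set below are constructed for illustration.
"""
import re
from datetime import date

# Constructed placeholder: in practice, 3-digit ZIP areas with 20,000 or
# fewer residents are taken from census data and replaced with "000".
RESTRICTED_ZIP3 = {"036", "059", "102"}

# Direct identifiers that are dropped outright (assumed field names).
DIRECT_IDENTIFIER_FIELDS = {
    "name", "ssn", "mrn", "phone", "fax", "email", "ip_address",
    "device_serial", "account_number", "license_plate",
}

# Patterns for identifiers that commonly leak into free-text notes.
# Order matters: SSNs are masked before the looser phone pattern runs.
NOTE_PATTERNS = [
    (re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), "[SSN]"),
    (re.compile(r"\b\(?\d{3}\)?[-.\s]?\d{3}[-.\s]?\d{4}\b"), "[PHONE]"),
    (re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"), "[EMAIL]"),
    (re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"), "[IP]"),
]


def generalize_zip(zip_code: str) -> str:
    """Keep only the first three digits; collapse restricted areas to 000."""
    zip3 = zip_code[:3]
    return "000" if zip3 in RESTRICTED_ZIP3 else zip3


def generalize_date(iso_date: str) -> str:
    """Safe Harbor permits only the year of dates tied to an individual."""
    return iso_date[:4]


def generalize_age(birth_date: str, as_of: date) -> str:
    """Ages over 89 are aggregated into a single '90+' category."""
    birth = date.fromisoformat(birth_date)
    age = as_of.year - birth.year - ((as_of.month, as_of.day) < (birth.month, birth.day))
    return "90+" if age > 89 else str(age)


def scrub_note(text: str) -> str:
    """Replace identifier patterns in free text with category tokens."""
    for pattern, token in NOTE_PATTERNS:
        text = pattern.sub(token, text)
    return text


def deidentify(record: dict, as_of: date) -> dict:
    """Return a new record with identifiers removed or generalized."""
    out = {}
    for key, value in record.items():
        if key in DIRECT_IDENTIFIER_FIELDS or key == "address":
            continue                      # direct identifiers and street geography are dropped
        if key == "zip":
            out[key] = generalize_zip(value)
        elif key == "birth_date":
            out["birth_year"] = generalize_date(value)
            out["age"] = generalize_age(value, as_of)
        elif key in ("admit_date", "discharge_date"):
            out[key] = generalize_date(value)
        elif key == "notes":
            out[key] = scrub_note(value)
        else:
            out[key] = value              # clinical fields pass through unchanged
    return out


def residual_identifiers(record: dict) -> list:
    """QA gate: list (field, category) pairs still matching a note pattern."""
    hits = []
    for key, value in record.items():
        if isinstance(value, str):
            for pattern, token in NOTE_PATTERNS:
                if pattern.search(value):
                    hits.append((key, token))
    return hits


# Constructed sample record; every identifier value here is fictitious.
SAMPLE_RECORD = {
    "name": "Jane Q. Sample",
    "mrn": "MRN-00012345",
    "ssn": "123-45-6789",
    "phone": "555-013-0199",
    "email": "jane.sample@example.com",
    "address": "12 Example Street",
    "zip": "03601",
    "birth_date": "1930-06-15",
    "admit_date": "2025-11-03",
    "diagnosis_code": "A41.9",
    "notes": "Spouse reachable at 555-013-0200 or spouse@example.com; SSN 123-45-6789 on file.",
}


def deidentify_sample() -> dict:
    """Run the pipeline over the constructed record with a fixed as-of date."""
    return deidentify(SAMPLE_RECORD, as_of=date(2026, 3, 21))


if __name__ == "__main__":
    cleaned = deidentify_sample()
    print(cleaned)
    print("residual identifiers:", residual_identifiers(cleaned))
```

The residual check is deliberately separate from the scrubber: a refresh job should run it as an independent assertion over the output so that a new free-text field added upstream fails the job rather than silently carrying PHI into a non-production environment.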

CIPT-Aligned Privacy Engineering

As a CIPT Candidate, I apply Privacy-by-Design principles to every audit. This ensures that privacy is not a "bolt-on" but is baked into your code from day one.

Data Minimization

Reducing liability by ensuring your app only collects the clinical fields strictly necessary for its purpose.

Transparency by Code

Building automated dashboards that show users exactly how their health data is being used.

Common Privacy Rights Worldwide

While specific laws vary, most modern privacy regulations grant individuals these fundamental rights:

Right to Access

Request and receive a copy of your personal data that organizations hold about you.

Right to Correction

Request correction of inaccurate or incomplete personal information.

Right to Deletion

Request deletion of your personal data under certain circumstances ("right to be forgotten").

Right to Portability

Receive your data in a structured, commonly used, machine-readable format.

Right to Opt-Out

Opt out of data sales, targeted advertising, and certain automated processing.

Right to Security

Expect appropriate security measures to protect your personal information.

How Your Data Health Helps You Achieve Compliance

Your Data Health helps enterprises map their data pipelines to regulatory requirements and architect solutions that meet the strictest global privacy standards.

Multi-Jurisdiction Audits

I audit against GDPR, CCPA, HIPAA, MHMDA, HTI-1, and other major privacy regulations worldwide.

De-Identification Architecture

Zero-Trust pipelines, HIPAA Safe Harbor, and automated scrubbing for FHIR, HL7, and unstructured data.

Right-to-Deletion Workflows

MHMDA "Hard Deletion" compliance: architecting immutable audit logs and backup propagation.

Data Parity & Migration

Legacy vs. modern validation, ingestion QA, and vendor pipeline audits (CMS-9115).

USCDI & HTI-1 Readiness

US Core 6.1.0 migration audits, Algorithm Transparency (b)(11), and USCDI v3 data class mapping.

Cloud-Native Compliance

AWS, Azure, GCP: I help architect compliant pipelines within your existing infrastructure.

Ready to Audit Your Pipeline?

Enterprise compliance auditing for HTI-1, USCDI v3, MHMDA, and clinical data quality.

Audit My Pipelines