In 2025, eight new U.S. state privacy laws took effect and several states tightened existing regulations, significantly impacting healthcare organizations. Major changes include strengthened opt-out rights, new protections for minors, expanded coverage to smaller entities, compliance incentives such as Tennessee’s NIST-based safe harbor, and increased enforcement—particularly around consumer-facing technologies and data disclosures. States like Connecticut and Iowa exemplify the varied approaches, with Connecticut lowering thresholds and broadening scope, and the Iowa law remaining more limited. Healthcare leaders must reassess compliance strategies, update consent workflows, and audit technical platforms to stay aligned with evolving requirements and enforcement trends.
[View source.]
