This post is part of our The Top 2025 Privacy and Security Issues Still Shaping Healthcare series, in which our team of attorneys provides essential strategies and insights for healthcare privacy and security.

In 2025, eight new U.S. state privacy laws took effect and several states tightened existing regulations, significantly impacting healthcare organizations. Major changes include strengthened opt-out rights, new protections for minors, expanded coverage to smaller entities, compliance incentives such as Tennessee’s NIST-based safe harbor, and increased enforcement—particularly around consumer-facing technologies and data disclosures. States like Connecticut and Iowa exemplify the varied approaches, with Connecticut lowering thresholds and broadening scope, and the Iowa law remaining more limited. Healthcare leaders must reassess compliance strategies, update consent workflows, and audit technical platforms to stay aligned with evolving requirements and enforcement trends.

Contact us 

For further details or additional information, please contact Noreen Vergara or another member of the Husch Blackwell Healthcare Privacy and Security Work Group.