Kentucky Tweaks HIPAA Exemption in Comprehensive Privacy Law
Kentucky tweaked its comprehensive privacy law to flesh out an exemption for data subject to the Health Insurance Portability and Accountability Act (HIPAA). Gov. Andy Beshear (D) signed the amendment (HB-473) to the 2024 privacy law Saturday after it passed the legislature unanimously (see 2503130017).
Sign up for a free preview to unlock the rest of this article
The HIPAA exemption would now cover information “collected by a health care provider who is a covered entity that maintains protected health information in accordance with HIPAA and related regulations” and information “included in a limited data set as described in” Section 164.514(e) of the federal code “to the extent the information is used, disclosed, and maintained as specified in” that section.
The Kentucky Consumer Data Protection Act, as amended by HB-473, takes effect Jan. 1, 2026.