Compliance - Offshoring PHI
Protecting Patient Information: Florida’s New Healthcare Regulations

In an age of advanced technology and interconnected healthcare systems, the protection of patient information is paramount. Florida has taken a significant step towards safeguarding the privacy and security of patient data with a new law that came into effect on July 1, 2023. This regulation prohibits certain healthcare providers from offshoring patient information, underlining the state's commitment to data security.

Florida's New Data Security Regulations

Under this legislation, maintaining or storing patient information outside of the United States or Canada is now considered a violation of Florida law. The scope of this law extends beyond healthcare facilities within the state to encompass any healthcare providers using certified electronic health record technologies. This means that qualified electronic health records, whether stored directly or through third-party entities, must remain within the United States, its territories, or Canada.


Physicians and healthcare organizations are now obligated to ensure that their Electronic Health Records (EHR) IT vendors comply with this law. To avoid potential legal consequences, they must confirm that their EHR systems and patient data are hosted within the designated geographic regions.

Complying with the New Regulations

The new law introduces further compliance measures for clinics and physician-owned practices in Florida. Any entity submitting an initial or renewal licensure application to the Agency for Health Care Administration (AHCA) must sign an affidavit confirming compliance with the requirement to store patient data domestically. This affidavit is a legally binding document, subject to penalties of perjury, making it crucial for healthcare providers to take this regulation seriously.


In addition to the compliance certification, healthcare providers must remain vigilant in ensuring that any individuals or entities with a controlling interest in their practice do not hold any direct or indirect stake in businesses with a connection to “foreign countries of concern.” The law defines these countries as the People’s Republic of China, the Russian Federation, the Islamic Republic of Iran, the Democratic People’s Republic of Korea, the Republic of Cuba, the Venezuelan regime of Nicolás Maduro, or the Syrian Arab Republic. This regulation aims to mitigate potential security risks associated with international business relationships in healthcare.

Reporting Violations and Seeking Guidance

Ensuring compliance with these regulations is essential for healthcare providers in Florida. Any violation of these data security laws could result in disciplinary action by AHCA. To further support adherence to healthcare regulations and to report any violations, healthcare professionals can contact the Genuine Health Compliance Officer at or the Compliance Hotline at 786-878-5500, Option 4.


The new law not only strengthens data security and privacy in healthcare but also underscores the state of Florida's commitment to protecting patient information. By following these regulations, healthcare providers can maintain the trust of their patients while contributing to the broader goal of ensuring the safety and integrity of healthcare data in the digital age.
