LawSnap
Privacy Law And Technology Health Care

A Reminder About Florida’s Ban on Offshore Health Data Storage: What Providers and Vendors Should Know

Published
Source National Law Review open_in_new
Score
10

Why it matters

Core event: In May 2023, Florida enacted Senate Bill 264, amending the Florida Electronic Health Records Exchange Act (codified at Fla. Stat. § 408.051(3)) to ban healthcare providers using certified electronic health record technology (CEHRT) from storing patient information outside the continental United States, its territories, or Canada—including in third-party cloud services or subcontracted facilities.[1][2][4][9]

Involved parties: Key actors include Florida Governor Ron DeSantis, who signed SB 264 into law on May 8, 2023; the Florida Legislature; the Agency for Health Care Administration (AHCA), which enforces compliance via licensure affidavits under Fla. Stat. § 408.810(14); and affected healthcare providers, vendors, and licensees under Chapter 408 of Florida Public Health Law.[1][6][9][10][13]

Context and timeline: The law responded to data sovereignty concerns exceeding federal HIPAA standards, which lack geographic storage restrictions.[1][6] Enacted May 2023, it took effect July 1, 2023, requiring immediate compliance audits, vendor reviews, and contract updates; non-compliance risks AHCA disciplinary action.[1][4][7][13] It aligns with trends in state-level health data protections.[1][8]

Newsworthy now: The March 25, 2026, article by Joseph J. Lazzarotti of Jackson Lewis P.C. serves as a compliance reminder nearly three years post-enactment, urging providers to audit data storage amid rising regulatory focus on foreign access to sensitive health information.[1][2][3]

Sources

[1] https://natlawreview.com/article/reminder-about-floridas-ban-offshore-health-data-storage-what-providers-and-vendors
[2] https://www.workplaceprivacyreport.com/2026/03/articles/health-information-technology/a-reminder-about-floridas-ban-on-offshore-health-data-storage-what-providers-and-vendors-should-know/
[3] https://www.jdsupra.com/topics/offshoring/data-protection/new-legislation/
[4] https://www.joneshealthlaw.com/new-florida-bill-bans-storage-of-health-records-outside-the-continental-united-states-its-territories-or-canada/
[5] https://www.jdsupra.com/topics/new-legislation/phi/state-data-privacy-laws/
[6] https://www.jpfirm.com/news-resources/effective-july-1-florida-law-changes-set-limits-on-storage-of-patient-information-and-maintaining-relationships-with-foreign-countries-of-concern/
[7] https://www.bradley.com/insights/publications/2023/05/new-florida-law-will-ban-offshoring-of-certain-patient-data
[8] https://www.darkhorsetech.com/blogs/special-requirements-in-florida-wisconsin-for-healthcare-data-offshoring-storage
[9] https://www.hipaajournal.com/florida-bans-offshore-storage-of-electronic-health-records/
[10] https://quickreads.ext.katten.com/post/102iep2/florida-health-information-storage-changes-taking-effect-on-july-1-2023
[11] https://howellbuchanandstrong.com/2023/09/protecting-patient-privacy-floridas-new-law-bans-offshore-storage-of-health-records/
[12] https://www.leg.state.fl.us/statutes/index.cfm?App_mode=Display_Statute&URL=0400-0499%2F0408%2FSections%2F0408.051.html
[13] https://www.mintz.com/insights-center/viewpoints/2146/2023-06-20-effective-july-1-florida-will-prohibit-offshore-storage
[14] https://www.hipaajournal.com/hipaa-retention-requirements/
[15] https://www.healthlawadvisor.com/florida-expands-privacy-protections-including-a-ban-on-offshoring-of-certain-patient-data
mail

Get notified about new Privacy developments

Primary sources. No fluff. Straight to your inbox.

Related

View all Privacy

See more entries tagged Privacy.