Sequoia Project Unveils Plan to Unify US Health Data Privacy

VIENNA, Va. – February 09, 2026 – The Sequoia Project, a key non-profit steering nationwide health information exchange, today released a pair of strategic guides designed to untangle the nation's complex web of health data privacy laws. The new resources aim to establish a standardized, automated framework for managing patient consent, a move intended to enhance patient privacy while streamlining the secure flow of medical information between providers, payers, and health systems.

The publications, Guidance to States and Operationalizing Automated Consent, represent a significant step in the organization's long-term effort to achieve "computable consent." This vision, first detailed in an April 2025 whitepaper, seeks to replace manual, inconsistent consent processes with automated systems that can accurately interpret and apply a patient's privacy preferences across different jurisdictions and healthcare settings.

The Problem of the 'Patchwork'

The initiative directly confronts a challenge that has long plagued American healthcare: a fragmented regulatory landscape. While the federal Health Insurance Portability and Accountability Act (HIPAA) sets a baseline for privacy, it does not preempt stricter state laws. This has resulted in a "patchwork" of regulations that creates significant compliance burdens and hinders the development of interoperable technology.

Healthcare organizations operating across state lines must navigate a dizzying array of rules. For instance, the definition of "sensitive data" that requires special consent varies widely. In 2023, Delaware became the first state to explicitly include "pregnancy" as a protected health category. That same year, Texas added "sexuality" to its list of sensitive data, while Oregon's privacy act expanded its definition to include "status as transgender or nonbinary." More recently, New Jersey added "treatment" to its definition, broadening it beyond just a "condition or diagnosis."

This legal divergence creates immense operational complexity. Some states, like Washington with its My Health My Data Act, have implemented strict opt-in consent requirements for all consumer health data, mandating standalone privacy notices and prohibiting data sharing without explicit, affirmative authorization. This stands in contrast to the opt-out models prevalent elsewhere. The result is a system where determining the permitted level of data exchange is a constant struggle, often slowing down access to critical information and increasing legal risk for providers.

The lack of standardization has made it nearly impossible to build automated, high-confidence systems that can honor a patient's specific wishes—such as sharing a general medical history but withholding sensitive behavioral health notes—in a consistent manner nationwide.

A Blueprint for a Computable Future

The Sequoia Project's new resources offer a two-pronged approach to solving this dilemma. The first, Guidance to States: Legislating Technical Standard Definitions for Existing State-Sensitive Health Data Laws, provides state legislators with model language to help align their local privacy laws with national technical standards. The goal is not to replace state laws, but to create a common technical foundation that allows software and networks to understand and execute the specific rules of each state automatically.

"The patchwork of state and federal regulation today hinders the development of computable, automated systems to protect sensitive health data and honors patients' requests to share – or not,” said Melissa Soliz, a partner at Coppersmith Brockelman PLC and co-chair of The Sequoia Project's Interoperability Matters Privacy & Consent Workgroup.

The second document, Operationalizing Automated Consent, serves as an actionable guide for the industry itself. It provides healthcare providers, health systems, and payers with tools and concrete steps to begin implementing computable consent processes. This draft is currently open for public feedback until March 13, 2026, reflecting the collaborative approach the organization is taking.

Kevin Day, principal business advisor at Edifecs, a Cotiviti business, and fellow co-chair of the workgroup, described the guides as "practical playbooks for industry and government to work independently and collaboratively to smooth the path to a – hopefully very near – future of automated and computable consent systems."

Empowering Patients and Streamlining Care

At the heart of this initiative is a push to give patients more meaningful control over their personal health information. The current "all or nothing" approach to consent often forces patients to choose between sharing their entire record or nothing at all. This is a significant barrier, particularly for sensitive information related to behavioral health, substance use, genetic testing, or reproductive health, where fear of bias or misuse can lead individuals to withhold consent entirely.

The new framework advocates for more granular consent, allowing individuals to specify precisely what information can be shared, with whom, and for what purpose. By making consent computable, a patient's preferences could be electronically recorded and automatically enforced whenever their data is accessed. This enhanced control is seen as critical for building patient trust, which is foundational to the success of any data-sharing initiative.

"Privacy and consent are very intimate and personal matters," said Mariann Yeager, chief executive officer of The Sequoia Project.

For healthcare providers and administrators, the benefits are equally compelling. Standardized and automated consent management promises to dramatically reduce the administrative burden and costs associated with navigating the current regulatory maze. It would mitigate legal risks by ensuring more consistent compliance and enable more efficient, secure data exchange. Ultimately, by ensuring the right record is available at the right time—with documented consent—this framework could lead to better-informed clinical decisions and improved patient outcomes.

The Path Forward: Collaboration and Next Steps

The Sequoia Project acknowledges that transforming the nation's health data infrastructure is a complex undertaking that requires broad collaboration. The release of these guides is not an endpoint but a crucial milestone in an ongoing process.

The organization is actively soliciting feedback on the Operationalizing Automated Consent guide from all corners of the healthcare industry. To further discussion, a free public webinar is scheduled for March 24, 2026, to provide a deep dive into the resources and facilitate a public Q&A session.

Looking ahead, Yeager announced plans to continue the momentum. "This spring, we are launching a broader roundtable of stakeholders who will be working on these challenges to continue to develop tools and guides to advance standards-based delivery of the right record, at the right time, at the right place – with appropriate and documented consent," she stated.

This collaborative effort, involving government bodies, healthcare organizations, and technology vendors, will be essential for overcoming the inevitable technical, financial, and legislative hurdles. While the road to fully automated, nationwide computable consent is long, these new playbooks provide a clear and actionable map for the journey ahead, promising a future where patient privacy and seamless data exchange are no longer competing ideals but mutually reinforcing pillars of a modern healthcare system.