Department of Justice Bulk Sensitive Personal Data Transfer Rule (28 CFR Part 202)
This post is part of our The Top 2025 Privacy and Security Issues Still Shaping Healthcare series, in which our team of attorneys provides essential strategies and insights for healthcare privacy and security.
Overview
On February 28, 2024, President Biden signed Executive Order 14117, “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern.” This order, implemented through the Department of Justice (DOJ) regulations (28 C.F.R. Part 202) and Cybersecurity and Infrastructure Security Agency (CISA) requirements, creates sweeping new restrictions on the transfer of Americans’ health data to certain foreign countries and entities.