Alabama AL

Alabama Personal Data Protection Act (HB 351)Data Breach Notification (Ala. Code § 8-38-1)SB 63 — AI in health care coverage (pending)

Alabama's regulatory landscape for healthcare AI is evolving. The Alabama Personal Data Protection Act establishes consumer data rights including access, deletion, and opt-out for advertising, with exemptions for certain healthcare entities and data. Alabama's Data Breach Notification Act requires prompt notification when personal data is compromised. Pending legislation (SB 63) would also regulate how health care plans use AI in coverage determinations. BastionGPT supports Alabama-based clinicians with HIPAA-compliant AI that never uses customer data for training AI models, and BastionGPT's consent guidance helps practices stay ahead of Alabama's emerging compliance requirements.

Alaska AK

APIPA (AS 45.48)Health Information Privacy (AS 18.23)HIE Confidentiality (AS 18.23.310)Telehealth (AS 08.02.130)

Alaska does not yet have a comprehensive consumer data privacy law, but healthcare organizations must comply with state-specific health information privacy statutes and the Alaska Personal Information Protection Act, which governs breach notification. Alaska's Health Information Privacy Statutes (AS 18.23) set strict requirements for the collection, release, and security of health care information, including protections for sensitive categories like HIV/AIDS, mental health, and substance abuse records. Alaska's telehealth statutes also apply to AI-assisted clinical workflows delivered remotely. BastionGPT's privacy-first design, with strong encryption and secure data handling aligns with Alaska's emphasis on securing health information and protecting patient confidentiality across in-person and telehealth settings.

Arizona AZ

Medical Claims & Prior Auth (HB 2175)Breach Notification (A.R.S. § 18-552)HB 2311 — AI chatbot regulation (pending)Insurance Utilization Review (Title 20)

Arizona has taken a strong stance on keeping licensed physicians in control of clinical decisions involving AI. HB 2175 requires that a licensed medical director personally review any insurance denial involving medical necessity, preventing AI from independently denying claims or prior authorizations. Arizona's Data Breach Notification Law requires businesses to notify affected individuals and the Attorney General following a breach. Pending legislation (HB 2311) would introduce additional AI chatbot disclosure requirements. BastionGPT reinforces Arizona's human-in-the-loop philosophy: it drafts and assists, while licensed clinicians retain full control of every clinical decision.

Arkansas AR

APIPA (Ark. Code § 4-110-101)Arkansas Data Privacy Act (ADPA)Children & Teens' Online PrivacyH 1297 — AI in insurer decisions (pending)H 1816 — AI in healthcare records (pending)

Arkansas has a comprehensive consumer data privacy law (the ADPA) that includes protections for medical information and biometric data, along with breach notification requirements. Pending healthcare AI legislation (H 1297 and H 1816) would regulate how insurers and providers use AI in clinical decisions and medical record generation. BastionGPT operates as a documentation tool under clinician supervision, never makes autonomous clinical decisions, and processes all data within HIPAA-compliant, HITRUST-certified infrastructure.

California CA

CCPA / CPRACMIA (Cal. Civil Code § 56)AB 3030 — AI patient disclosuresSB 1120 — Physicians Make Decisions ActAB 489 — AI healthcare deceptionSB 942 — CA AI Transparency ActSB 243 — Companion Chatbots ActAB 2013 — GAI Training Data TransparencySB 53 — CA TFAIAAB 45 — consumer health data privacySB 361 — data broker amendments for GAISB 1223 — neural data as sensitive PI

California has the most extensive healthcare AI regulatory framework in the country. The CCPA/CPRA and the CMIA establish broad consumer and patient data rights. AB 3030 requires healthcare providers to disclose when patient communications are generated by AI. SB 1120 ensures AI cannot independently deny, delay, or modify care based on medical necessity. AB 489 prohibits AI from using terms that imply it holds a healthcare license. BastionGPT supports compliance by operating as a clinician-supervised assistant, never representing itself as a licensed professional, and BastionGPT's consent guidance helps practices meet AB 3030's disclosure obligations.

Colorado CO

Colorado Privacy Act (CPA)Colorado AI Act (SB 24-205 / ADAI)Consumer Protection ActBreach Notification (C.R.S. § 6-1-716)

Colorado is home to one of the most comprehensive AI consumer protection laws in the United States. The Colorado AI Act (SB 24-205) requires developers and deployers of "high-risk" AI systems to conduct impact assessments, prevent algorithmic discrimination, and provide consumer disclosures. It includes a partial exemption for HIPAA-covered entities. The Colorado Privacy Act adds consumer data rights and opt-out mechanisms for profiling. BastionGPT is designed as a clinical documentation tool under provider supervision, not as a system that makes consequential decisions about patient care.

Connecticut CT

CTDPA (§ 42-515)AI/LLM Disclosure (Public Act 25-113)CTDPA Overhaul (SB 1295)CUTPABreach Notification (§ 36a-701b)Safeguards Law (§ 42-471)

Connecticut has rapidly expanded its data privacy framework with direct implications for AI. The CTDPA now requires businesses to disclose whether they collect, use, or sell personal data for training LLMs, and mandates impact assessments for automated decision-making. SB 1295 lowered applicability thresholds, broadened the definition of sensitive data, and strengthened protections for minors. BastionGPT's strong data security and privacy policies mean patient data is never used for AI model training, directly addressing the CTDPA's core disclosure concerns.

Delaware DE

DPDPA (HB 154, Title 6 Ch. 12D)Breach Notification (Title 6 § 12B-101)Online Privacy & Protection Act

Delaware's Personal Data Privacy Act stands out because it does not include an entity-level exemption for HIPAA-covered entities. While there are data-level exemptions for PHI, HIPAA-regulated organizations must still comply with the DPDPA's broader consumer data provisions for data outside PHI. The law grants consumers rights to access, correct, delete, and opt out of advertising and profiling. BastionGPT's HIPAA-compliant design and strict data minimization practices support Delaware clinicians navigating this overlap.

Florida FL

FIPA (Fla. Stat. § 501.171)Florida Digital Bill of RightsFDUTPASB 482 — FL AI Bill of Rights (pending)

Florida is actively shaping AI regulation in healthcare. FIPA imposes strict breach notification requirements, including a 30-day window and expanded definitions covering medical records. The proposed Florida AI Bill of Rights (SB 482) would require transparency when consumers interact with AI, restrict AI from delivering licensed therapy, and prohibit AI from serving as the sole basis for insurance claim decisions. The FDBR includes a HIPAA-covered entity exemption. BastionGPT is a HIPAA-compliant AI assistant operating under licensed provider supervision.

Georgia GA

Personal Identity Protection (O.C.G.A. § 10-1-910)Fair Business Practices ActSB 444 — AI insurance decisions (pending)SB 540 — AI chatbot disclosure (pending)

Georgia does not currently have a comprehensive consumer data privacy statute. The Personal Identity Protection Act requires breach notification "in the most expedient time possible." Case law (Bland v. Urology of Greater Atlanta, 2025) established a common law duty of care to protect PII. In 2026, Georgia advanced SB 444 (prohibiting AI-sole insurance coverage decisions) and SB 540 (chatbot disclosure and child safety). BastionGPT operates under provider supervision and does not make coverage determinations.

Hawaii HI

Breach Notification (HRS Ch. 487N)Personal Information Protection (Ch. 487J)Unfair/Deceptive Acts (§ 480-2)

Hawaii does not currently have a comprehensive consumer data privacy law or AI-specific statute. The breach notification law (HRS Ch. 487N) requires businesses to notify affected individuals without unreasonable delay. The Personal Information Protection Act (Ch. 487J) governs how businesses handle, store, and dispose of personal information. BastionGPT supports compliance through its HIPAA-compliant architecture, strong encryption, and blocking of any AI training on customer data.

Idaho ID

Breach Notification (§ 28-51-104)Consumer Protection ActAI Chatbot Safety Law (SB 1297)

In 2026, Idaho passed SB 1297, a chatbot safety bill establishing safety standards for conversational AI, requiring protocols for adult and minor users, and mandating a persistent disclaimer that the user is interacting with AI. BastionGPT is not a consumer-facing chatbot, and is instead a HIPAA-compliant documentation tool used by licensed healthcare providers for clinical note-taking and AI-assisted workflows.

Illinois IL

BIPA (740 ILCS 14)WOPR Act (Public Act 104-0054)PIPA / Breach (815 ILCS 530)Consumer Fraud Act (815 ILCS 505)

Illinois has one of the most active regulatory environments for healthcare AI. The WOPR Act (2025) prohibits AI from providing therapy, making independent therapeutic decisions, or directly interacting with clients therapeutically, while carving out "administrative support" and "supplementary support" as permitted. BIPA imposes strict consent requirements for biometric identifiers including voiceprints, with a private right of action. BastionGPT fits within WOPR's permitted categories: it drafts clinical notes, transcribes sessions, and supports administrative tasks without engaging in therapeutic communication or emotion detection.

Indiana IN

INCDPA (Ind. Code Title 24, Art. 15)Breach Notification (§ 24-4.9)Deceptive Consumer Sales Act

Indiana's INCDPA (effective January 1, 2026) gives residents rights to access, correct, delete, and port personal data, with data protection impact assessments required for sensitive data. The law includes a HIPAA exemption. Indiana's breach notification statute carries penalties of up to $150,000 per deceptive act, with a permanent 30-day cure period. BastionGPT processes clinical data under HIPAA safeguards.

Iowa IA

Iowa CDPA (Ch. 715D)Breach Notification (§ 715C)Consumer Fraud Act (§ 714.16)

Iowa's CDPA (effective January 1, 2025) includes entity-level exemptions for HIPAA-subject organizations and data-level exemptions for PHI. The 2026 session also advanced HF 2635, addressing insurer use of AI in utilization review and prior authorization. BastionGPT operates within the HIPAA framework, and its privacy-first design aligns with Iowa's data protection expectations.

Kansas KS

Breach Notification (K.S.A. § 50-7a01)Consumer Protection ActHealth Information Technology Act

Kansas does not yet have a comprehensive consumer data privacy law. The breach notification law requires notification "in the most expedient time possible" and reporting breaches of 1,000+ individuals to consumer reporting agencies. In 2026, Kansas introduced HB 2311 (chatbot safety) and HB 2671 (Kansas Community Harmed by AI Technology Act). BastionGPT is a clinical documentation tool, not a consumer-facing chatbot.

Kentucky KY

KCDPA (KRS § 367.400)Breach Notification (KRS § 365.732)Consumer Protection ActTelehealth Laws

Kentucky's KCDPA grants consumers rights over their personal data including access, correction, deletion, and opt-out of sales and advertising. The law includes a HIPAA exemption. BastionGPT's privacy-first design supports Kentucky providers in meeting data protection requirements.

Louisiana LA

Breach Notification (La. R.S. § 51:3071)LUTPAMedical Records Privacy (§ 40:1165.1)Telehealth Laws

Louisiana requires organizations to maintain reasonable security practices and notify individuals promptly following a breach. The LUTPA prohibits deceptive practices, extending to how AI tools represent their capabilities. Louisiana maintains specific medical records privacy provisions governing consent, access, and disclosure. BastionGPT keeps providers in control of documentation workflows.

Maine ME

MCPA (10 M.R.S. § 1347)Broadband Internet Privacy LawBreach Notification (§ 1348)Unfair Trade Practices Act

Maine has been proactive in consumer data privacy laws, including its broadband internet privacy law restricting how providers use and share personal data. The breach notification statute requires notification to individuals and the state regulator when personal data is compromised. BastionGPT provides a secure, compliant AI assistant and AI transcription under clinician oversight.

Maryland MD

MODPA (Com. Law § 14-4801)MPIPA / Breach (§ 14-3501)Medical Records Confidentiality (Health-Gen. § 4-301)HIE Regulations (COMAR 10.25.18)

Maryland's MODPA establishes consumer data rights including access, correction, deletion, and opt-out from advertising, with exemptions for HIPAA-covered entities and PHI. The Confidentiality of Medical Records Act provides additional state-specific rules around consent, disclosure, and access to health records. BastionGPT functions as a clinical documentation tool under provider control.

Massachusetts MA

Data Privacy Law (201 CMR 17.00)Breach Notification (M.G.L. c. 93H)Chapter 93A Consumer ProtectionPatient Rights (105 CMR 130.000)

Massachusetts maintains one of the strictest data security frameworks through 201 CMR 17.00, requiring a comprehensive written information security program (WISP) with encryption, access controls, and employee training. Chapter 93A applies to deceptive or unfair AI practices. BastionGPT's security-first architecture supports the technical safeguards Massachusetts requires.

Michigan MI

Identity Theft Protection (MIPA; MCL § 445.61)Consumer Protection ActMedical Records Access (MCL § 333.26261)

Michigan's Identity Theft Protection Act requires businesses to notify individuals and the attorney general following a data breach. The Consumer Protection Act prohibits unfair and deceptive practices. Michigan maintains specific medical records access provisions. While Michigan does not yet have a comprehensive consumer privacy statute, BastionGPT operates as a secure AI assistant under clinician supervision.

Minnesota MN

MCDPA (§ 325O)MGDPA (§ 13.01)Breach Notification (§ 325E.61)Health Records Act (§ 144.291)

Minnesota's MCDPA grants consumers data access, correction, deletion, and opt-out rights while requiring data protection assessments for high-risk processing. The state's Health Records Act provides Minnesota-specific rules that apply in addition to HIPAA, making it one of the more protective health privacy requirements. BastionGPT is purpose-built as a healthcare AI transcriptionist and assistant under clinician control.

Mississippi MS

Breach Notification (§ 75-24-29)Consumer Protection ActMedical Records Confidentiality (§ 41-9-61)

Mississippi maintains a leaner privacy framework, with primary protections from the breach notification statute and Consumer Protection Act. Medical records statutes establish patient consent and confidentiality requirements. BastionGPT keeps Mississippi providers in control of documentation.

Missouri MO

Breach Notification (§ 407.1500)Merchandising Practices ActHealth Information Privacy (§ 191.227)

Missouri's framework is built around its breach notification law and Merchandising Practices Act. The health information privacy statute (§ 191.227) establishes patient rights to access medical records and sets conditions for disclosure. BastionGPT operates as a compliant healthcare AI assistant under direct clinician oversight.

Montana MT

MCDPA (MCA § 30-14-2801)Breach Notification (§ 30-14-1704)Insurance Data Security ActGenetic Information Privacy

Montana's MCDPA grants consumers rights over their personal data (including access, correction, deletion, and opt-out of data sales, advertising, and profiling). The law requires data protection assessments for heightened-risk processing. BastionGPT's privacy-first design helps Montana clinicians adopt AI-powered clinical documentation while staying aligned with the state's requirements.

Nebraska NE

NDPA (§ 87-1101)Breach Notification (§ 87-801)Consumer Protection ActInsurance Data Security Act

Nebraska's Data Privacy Act extends consumer data rights including access, deletion, correction, and opt-out rights. The law requires organizations processing health data to obtain consent and conduct data protection assessments. BastionGPT is purpose-built as a healthcare AI assistant that operates under provider oversight.

Nevada NV

SB 220 Privacy Act (NRS § 603A.300)Breach Notification (NRS § 603A.010)Consumer Health Data Privacy (SB 370)Insurance Data Security

Nevada stands out with a dedicated Consumer Health Data Privacy Law (SB 370) imposing specific obligations including geofencing restrictions near healthcare facilities and opt-in consent for the sale of health data. Nevada's SB 220 was among the first state laws granting consumers the right to opt out of data sales. BastionGPT is designed exclusively for healthcare providers and processes clinical data under provider direction.

New Hampshire NH

NH Privacy Act (RSA § 507-H:1)Breach Notification (RSA § 359-C:19)Consumer Protection ActInsurance Data Security (RSA § 420-P)

New Hampshire's Privacy Act grants consumers rights to access, correct, delete, and port personal data, with opt-out rights for advertising, data sales, and profiling. The law requires data protection assessments for high-risk processing involving sensitive data such as health information. BastionGPT helps New Hampshire healthcare providers adopt AI-powered documentation without compromising compliance.

New Jersey NJ

NJDPA (N.J.S.A. § 56:8-166)Identity Theft Prevention / BreachConsumer Fraud ActInsurance Data SecurityAI Transparency in Healthcare (S.B. 2483)

New Jersey's comprehensive Data Privacy Act provides robust consumer data rights with data protection assessment requirements for sensitive information. The state has also moved toward AI transparency in healthcare, requiring disclosure when AI is used in clinical interactions. BastionGPT supports New Jersey clinicians with a compliant AI assistant under direct provider supervision.

New Mexico NM

Breach Notification (NMSA § 57-12C-1)Unfair Practices ActInsurance Data Security Act

New Mexico does not yet have a comprehensive consumer data privacy law. The Breach Notification Act requires prompt notification to individuals and the attorney general. The Insurance Data Security Act mandates cybersecurity programs for insurance licensees. BastionGPT's healthcare-focused, privacy-first design helps New Mexico providers adopt AI-powered clinical documentation while maintaining alignment with existing requirements.

New York NY

SHIELD Act (Gen. Bus. Law § 899-aa)Consumer Protection (§ 349)DFS Cybersecurity Reg. (23 NYCRR 500)NYC Local Law 144 (AEDT)NY Health Info Privacy Act (proposed)AI Consumer Protection Act (proposed)

New York has one of the most active regulatory environments for data security and emerging AI governance. The SHIELD Act requires reasonable data security safeguards with expansive breach notification. The DFS Cybersecurity Regulation imposes rigorous requirements on financial and insurance entities. NYC's Local Law 144 addresses automated decision-making in employment, signaling broader AI accountability interest. BastionGPT is built with privacy-first design that aligns with New York's strong data security standards.

North Carolina NC

Identity Theft Protection (§ 75-60)UDTPA (§ 75-1.1)Insurance Data Security ActHealth Information Exchange Act

North Carolina does not have a comprehensive consumer data privacy statute, but its Identity Theft Protection Act includes breach notification with specific timelines, and the UDTPA gives the attorney general broad enforcement authority. BastionGPT is a healthcare AI assistant under provider supervision.

North Dakota ND

Breach Notification (§ 51-30-01)Consumer Fraud ActInsurance Data Security Act

North Dakota's privacy landscape is shaped by its Breach Notification Law and Consumer Fraud Act. The Insurance Data Security Act mandates comprehensive cybersecurity programs for insurance licensees. BastionGPT's privacy-first design helps North Dakota providers draft patient encounters securely.

Ohio OH

Personal Privacy Act (SB 165)Cybersecurity Safe Harbor (SB 220)Breach Notification (ORC § 1349.19)Consumer Sales Practices Act

Ohio's Personal Privacy Act provides consumer data rights including access, deletion, and opt-out. The Data Protection Act (SB 220) offers a safe harbor for businesses with cybersecurity programs aligned with NIST or HIPAA. BastionGPT's privacy-first design supports Ohio providers in meeting these standards.

Oklahoma OK

Computer Data Privacy (74 O.S. § 3113.1)Breach Notification (24 O.S. § 163)Consumer Protection Act

Oklahoma's approach centers on breach notification and consumer protection. The Security Breach Notification Act requires notification to affected residents following a breach. Although Oklahoma has not enacted comprehensive consumer privacy or AI-specific legislation, healthcare providers must comply alongside HIPAA. BastionGPT's security controls support Oklahoma clinicians.

Oregon OR

OCPA (ORS § 646A.570 / SB 619)Breach Notification (ORS § 646A.600)Identity Theft ProtectionGenetic Information Privacy

Oregon's OCPA grants consumers rights to access, correct, delete, and port personal data, with opt-out rights for advertising, data sales, and profiling. The OCPA includes data protection assessment requirements for high-risk processing. BastionGPT supports Oregon healthcare providers with compliant AI-powered clinical documentation as a provider-supervised tool.

Pennsylvania PA

Breach Notification (73 P.S. § 2301 / Act 94)Consumer Protection LawTwo-Party Consent (18 Pa.C.S. § 5701)Health Care Facilities Act

Pennsylvania's regulatory environment features its two-party consent wiretapping law (one of the strictest in the nation) requiring all parties to consent to recording communications. This is particularly relevant for AI clinical scribes. BastionGPT has published guidance on consent practices and is built to operate transparently within provider workflows.

Rhode Island RI

Data Transparency & Privacy (§ 6-48.1)Identity Theft / Breach (§ 11-49.3)Health Care Confidentiality (§ 5-37.3)Insurance Data Security

Rhode Island's Data Transparency and Privacy Protection Act provides comprehensive consumer privacy rights. The Confidentiality of Health Care Communications and Information Act specifically governs health care information held by providers and insurers. BastionGPT's secure, privacy-first design supports both general consumer privacy and health-specific confidentiality requirements.

South Carolina SC

Insurance Data Security (§ 38-99-10)Breach Notification (§ 39-1-90)Unfair Trade Practices ActPhysicians Patient Records (§ 44-115-10)

South Carolina's Insurance Data Security Act, modeled on the NAIC model law, requires licensed insurers to implement information security programs. The breach notification law mandates prompt notice when personal data is compromised. BastionGPT helps South Carolina professionals adopt AI-powered clinical documentation through its privacy-by-design architecture.

South Dakota SD

Breach Notification (SDCL § 22-40-19)Insurance Data SecurityConsumer Protection Act

South Dakota maintains a streamlined regulatory environment with no comprehensive consumer privacy law or AI-specific legislation. Primary protections come from the breach notification law and Insurance Data Security Law. BastionGPT's secure platform makes it straightforward for South Dakota providers to use compliant AI documentation tools.

Tennessee TN

TIPA (§ 47-18-3201)ELVIS Act (§ 47-25-1101)Breach Notification (§ 47-18-2107)Insurance Data Security Act

Tennessee's ELVIS Act (the first U.S. law to specifically address AI replication of an individual's voice or likeness without consent) makes it a notable state for AI regulation. TIPA provides comprehensive consumer privacy including data rights and opt-out for profiling. BastionGPT operates under direct provider supervision and does not involve replication of patient voices or likenesses.

Texas TX

TMRPA (Health & Safety § 181.001)Breach Notification (Bus. & Com. § 521.001)TDPSA (Bus. & Com. § 541.001)DTPATRAIGA (HB 1709)

Texas's Medical Records Privacy Act imposes stricter requirements than HIPAA in some respects, including a broader definition of covered entities and explicit consent mandates for electronic health data disclosures. The TDPSA extends consumer data rights. TRAIGA addresses transparency and accountability for automated decision systems. BastionGPT's privacy-first design helps Texas professionals adopt AI tools aligned with these layered requirements.

Utah UT

UCPA (§ 13-61-101)UAIPA (SB 149 / § 13-72-101)Breach Notification (§ 13-44-101)Electronic Health Records Act

Utah's UCPA provides consumer data rights and opt-out rights for advertising and data sales. The UAIPA (SB 149) establishes disclosure obligations for generative AI interactions and creates a regulatory sandbox for AI innovation. BastionGPT provides a compliant AI documentation platform under clinician oversight.

Vermont VT

VDPA (9 V.S.A. § 2417 / Act 44)Data Broker Regulation (§ 2446)Breach Notification (§ 2430)H.210 — AI Transparency (proposed)

Vermont pioneered the nation's first Data Broker Regulation Act. The VDPA (Act 44) extends comprehensive consumer data rights with provisions for sensitive health data. Vermont has also introduced AI transparency legislation. BastionGPT operates under direct provider supervision, aligning with Vermont's emphasis on transparency and consumer control.

Virginia VA

VCDPA (Va. Code § 59.1-575)High-Risk AI Act (HB 2094)Breach Notification (§ 18.2-186.6)Health Records Privacy (§ 32.1-127.1:03)

Virginia was among the earliest states to enact comprehensive consumer data privacy through the VCDPA. The High-Risk AI Developer and Deployer Act (HB 2094) targets algorithmic discrimination and requires impact assessments for high-risk AI. BastionGPT is a clinical documentation AI assistant and transcription service that assists providers rather than making decisions about patient care.

Washington WA

My Health My Data Act (MHMDA)Breach Notification (RCW § 19.255)Consumer Protection ActUniform Health Information ActPeople's Privacy Act (SB 5838, proposed)

Washington's MHMDA is among the most consequential health data privacy laws nationally. It applies broadly beyond HIPAA, requires affirmative consent before health data collection, and provides a private right of action. BastionGPT's privacy-first design and Bastion Intelligence's published consent guidance are especially relevant here, where the MHMDA's consent requirements are among the strictest in the country.

West Virginia WV

WVCDPA (W. Va. Code § 46B-6-101)Breach Notification (§ 46A-2A-101)Consumer Credit & Protection Act

West Virginia's WVCDPA establishes consumer rights to access, correct, delete, and port personal data, with opt-out rights for advertising, data sales, and profiling. The law requires data protection assessments for sensitive data. BastionGPT provides a secure, provider-supervised AI assistant built with privacy at its core.

Wisconsin WI

Breach Notification (§ 134.98)Consumer ActDeceptive Trade PracticesPatient Health Care Records (§ 146.81)

Wisconsin does not have a comprehensive consumer data privacy law or AI-specific legislation. However, the Patient Health Care Records Law (§ 146.81) governs confidentiality, access, and disclosure of patient health information with consent requirements. BastionGPT's privacy-first design aligns with the state's health information confidentiality requirements.

Wyoming WY

Breach Notification (§ 40-12-501)Consumer Protection ActTelehealth Act

Wyoming maintains a minimal regulatory footprint for data privacy and AI-specific legislation. The breach notification law requires timely notice when personal identifying information is compromised. The Consumer Protection Act prohibits deceptive and insecure business practices. BastionGPT offers Wyoming professionals a secure, HIPAA-aligned AI copilot under direct clinician supervision.