WeVote

Bill

Bill

SB 3771

REPRODUCTIVE HEALTH PRIVACY

104th Regular Session Introduced by Celina Villanueva

Illinois requires health information exchanges to segregate abortion data, limit access, and allow opt-out, with fines and private lawsuits for violations.

Rule 3-9(a) / Re-referred to Assignments
0
WeVote Research Nonpartisan
Bill Summary · SB 3771

Summary of SB3771 (104th General Assembly) – Reproductive Health Records Privacy Act

Date introduced: February 5, 2026
Sponsor: Sen. Celina Villanueva (co-sponsor listed)

Purpose
- Create the Reproductive Health Records Privacy Act to protect the privacy of reproductive health information, specifically abortion care, within health information exchanges (HIEs) and related health data systems.
- Amend the Medical Patient Rights Act to clarify privacy rights and allow segregation of abortion-related information in HIEs.

Key provisions

1) Segregation and privacy requirements for abortion-related data
- By July 1, 2027, health information exchanges must develop capabilities, policies, and procedures to:
- (a) Limit user access privileges to systems containing abortion-related medical information.
- (b) Prevent disclosures or transfers of abortion-related information to persons/entities outside Illinois.
- (c) Segregate abortion-related information from the patient’s general record.
- (d) Automatically disable access to segregated abortion-related data by individuals/entities outside the State.
- Fees charged to providers for compliance must be consistent with 45 CFR 171.302.
- The requirement does not apply to a health care provider themselves (i.e., direct providers are not bound by this subsection).

2) Protections, enforcement, and penalties
- Private right of action: Individuals aggrieved by violations may sue for damages, injunctions, or other relief; reasonable attorney’s fees and costs may be awarded to prevailing plaintiffs.
- Illinois Attorney General enforcement: The AG may bring civil actions for injunctive or equitable relief. Courts may impose civil penalties up to $50,000, with consideration of factors such as good faith effort to comply, patient harm, scope and duration of violations, and the defendant’s financial status.

3) Amendments to the Medical Patient Rights Act (410 ILCS 50/3)
- Reaffirms patient rights to privacy and confidentiality of records.
- Emphasizes the right to information about care, consent, and accounting for charges; allows certain disclosures for treatment, payment, and health care operations in compliance with federal privacy rules.
- Specifically permits and governs the segregation of abortion-related information in health information exchanges, and allows patients to opt out of having their information available on an HIE. Opt-out mechanisms reference applicable sections of:
- Mental Health and Developmental Disabilities Confidentiality Act
- AIDS Confidentiality Act
- Genetic Information Privacy Act
- If a patient opts out, physicians or providers are not liable for release of information by other entities that may possess their data (to the extent allowed by law).
- The Act permits disclosures to identified parties for public health, safety, and welfare and states that patient information may be transmitted to an HIE in accordance with allowed disclosures, with opt-out options.

4) Definitions (selected)
- Abortion: as defined in the Reproductive Health Act (Section 81-10).
- Health information exchange: entity facilitating electronic exchange of health information.
- Patient: person who has received or is receiving medical care in Illinois.
- Health care provider: as defined under HIPAA (45 CFR 160.103).

5) Severability
- Provisions are severable.

Potential impact

  • For patients: Strengthened privacy protections for abortion-related information, with explicit opt-out options from HIEs and enhanced control over who can access sensitive data.
  • For providers and health systems: Increased operational requirements to segregate abortion data, implement access controls, and possibly adjust data-sharing workflows to comply with Illinois privacy standards.
  • For privacy enforcement: New private right of action and the possibility of significant penalties for noncompliance, providing a substantial enforcement mechanism alongside AG oversight.
  • For health information exchanges: Mandatory development of separation capabilities by mid-2027, alignment with federal privacy provisions, and potential cost implications for compliance.

Procedural/timeline notes

  • Effective date for segregation capabilities: July 1, 2027.
  • Compliance and enforcement: Private rights of action available to individuals; AG may enforce with injunctive relief and penalties up to $50,000 per violation (subject to statutory considerations).
  • The bill as introduced is currently advancing through Illinois legislative processes (referred to Assignments; later steps pending committee and floor action).

Compiled from official sources — confirm details with the bill’s official record.

Sign in to ask a question.