Overview: This webinar addresses the interplay between HIPAA and the state consumer data privacy laws. Specifically: (1) We provide an overview of HIPAA's applicability to health data. We also discuss the fact that, more and more, health data is not protected by HIPAA with (a) the explosion in digital health tools sold directly to consumers and (b) the consolidation of medical records in the hands of the individual. (2) State consumer privacy laws have helped fill the void left by HIPAA. We discuss CCPA/CPRA, Colorado Privacy Act, Virginia Consumer Data Protection Act and other relevant state laws extending privacy and security protections to health data. (3) To the extent the health data is subject to HIPAA, we discuss the exemptions provided in those state consumer privacy laws to HIPAA governed data. We also touch on exemptions for research and de-identification standards. (4) Lastly, we provide practical tips to those helping guide companies with health data navigate the patchwork of federal and state laws applicable to health data.