The Illinois Health Care Sanctity and Privacy Act

In the fourth quarter of 2025, the Illinois legislature passed, and the governor signed into law, a state privacy law as a part of a larger state legislative response to federal immigration policy. The “Health Care Sanctity and Privacy Act” (the “Act”) includes several new policy and procedural requirements for Illinois-licensed hospitals which go above and beyond the requirements of the HIPAA Privacy Rule.

The new requirements include:

• Identifying a contact person to be notified of law enforcement presence or requests for information;
• Verifying the identification of law enforcement with specific identifiers;
• Designating space in the hospital facility for law enforcement;
• Providing patients with specific notices, including updates to the hospital’s NPP with specific information from the Act;
• The ability for patients to execute an authorization permitting the hospital to discuss with designees of the patient information about the patient’s care;
• Training hospital staff on the requirements of the Act;
• Posting a notice, published by the Department, providing how individuals can seek information about immigration rights; and
• Updating hospital policies to include the above-described requirements.

The updated policy(ies) must be submitted to the Department of Public Health (the “Department”) by all acute care hospitals by January 1, 2026 and all other hospitals by March 1, 2026. The Department will notify hospitals who have failed to submit compliant policies. Additionally, the Department has the power to enforce compliance with the law including assessing a fine of up to $500 per day for failing to develop and implement a policy compliant with the requirements by the applicable deadline.