Important Notice Regarding U.S. Department of Justice Regulations on Sensitive Personal Data

Posted Jul 15, 2025

Ensure this information is shared with the appropriate personnel within your organization.


The United States Department of Justice (DOJ) has issued new regulations titled the “Final Rule on Preventing Access to U.S. Sensitive Personal Data and United States Government-Related Data by Countries of Concern”, codified at 28 C.F.R. Part 202. These regulations impose restrictions on the access, transfer, and handling of bulk U.S. sensitive personal data and U.S. government-related data by Countries of Concern or Covered Persons, as defined in 28 C.F.R. § 202.209 and 28 C.F.R. § 202.211, respectively.

Your Obligations as a Participating Provider

As a participating provider in the Healthfirst network, you may, in the course of your professional relationship with us, obtain or have access to data that qualifies as “bulk U.S. sensitive personal data” under the new regulation.

We are issuing this alert to remind you of your critical obligations under 28 C.F.R. Part 202, specifically:

  • Do Not Share: You must not share any bulk U.S. sensitive personal data obtained from Healthfirst with a Country of Concern or Covered Persons, as these terms are defined in the new DOJ regulation.
  • Safeguard the Data: Ensure appropriate measures are in place within your practice or organization to prevent unauthorized access or disclosure of this regulated data.
  • Review and Update Compliance Practices: We strongly recommend reviewing your internal data handling, privacy, and third-party sharing practices to ensure full compliance with the DOJ directive.

Healthfirst takes data privacy and regulatory compliance seriously. We appreciate your attention to this important matter. This Provider Alert is issued in accordance with our ongoing commitment to regulatory compliance and data protection. Please ensure this information is shared with the appropriate personnel within your organization.

Key Terms
  • Bulk U.S. Sensitive Personal Data: Includes large datasets containing health, financial, biometric, geolocation, or other personally identifiable information of U.S. persons.
  • Country of Concern: As designated by the U.S. Department of Justice, these are foreign countries that pose a risk to national security or a risk of data misuse. See 28 C.F.R. § 202.209 – Country of Concern for the full definition.
  • Covered Persons: Individuals or entities that are subject to restrictions under the rule due to their nationality, location, or ownership ties to a Country of Concern. See 28 C.F.R. § 202.211 – Covered Person for the full definition.

Questions?

If you have any questions, please contact your Network Account Manager, or call Provider Services at 1-888-801-1660, Monday to Friday, 8:30am-5:30pm.


Coverage is provided by Healthfirst Health Plan, Inc., Healthfirst PHSP, Inc., and/or Healthfirst Insurance Company, Inc. (together, “Healthfirst”).
July 2025