6 CCR 1011-1:II-6.100: Licensed Colorado hospitals must “develop and implement a policy regarding patient rights" including the right to the confidentiality of medical records. 

16 Del. C. § 1006: Grounds on which the Delaware Department of Health and Social Services may deny, suspend or revoke the license of any hospital.

16 Del. C. § 1009A: "A patient’s right of confidentiality shall not be violated in any manner.” 

16 Del. C. § 1010A: Healthcare facilities that violate the Healthcare Associated Infections Disclosure Act, including the provision regarding patient privacy, face revocation of their license or civil penalties.

FL ST § 395.003: The Agency for Health Care Administration may suspend or revoke the license of a hospital that fails to comply with applicable laws and regulations. 

FL ST § 395.3025: Patient records maintained by licensed Florida facilities, including hospitals, are confidential and may not be disclosed without patient consent unless disclosure occurs to specified persons or in specified circumstances.

FL ST § 408.815: The Agency for Health Care Administration may suspend or revoke the license of a health care facility that violates the health care licensing statute or related rules.  

Haw. Admin. Rules (HAR) § 11-93-3: Hawaii grants the Director of the Department of the Health the authority to license, inspect, and discipline hospitals. 

Haw. Admin. Rules (HAR) § 11-93-21: Licensed Hawaii hospitals must maintain confidential medical records that contain information regarding the patient’s identity, diagnosis, treatment, observations, and medical staff orders.

Haw. Admin. Rules (HAR) § 11-93-26: Licensed Hawaii hospitals must establish “[w]ritten policies regarding the rights and responsibilities of patients…” These rights and responsibilities must include, among other items, that the patient is “entitled” to the confidentiality of their medical records. 

IL ST CH 210 § 85/7: The Director of Public Health may suspend or revoke the license of a hospital that fails to comply with the Hospital Licensing Act, Hospital Report Card Act, Illinois Adverse Health Care Events Reporting Law of 2005, or other applicable rules, regulations, and standards. 

Neb. Admin. R. & Regs. Tit. 175, Ch. 9, § 006: Licensed hospitals are required to maintain confidential medical records for at least ten years after a patient’s discharge or three years after a child patient reaches the age of eighteen. 

Neb. Admin. R. & Regs. Tit. 175, Ch. 9, § 008: The Nebraska Department of Health and Human Services Regulation and Licensure may take disciplinary action against a licensed hospital that, among other grounds, fails to comply with the Health Care Facility Licensure Act or the 175 NAC 9 regulations. 

R.I. Admin. Code 31-4-18:27.0: Licensed Rhode Island hospitals must implement measures to ensure the confidentiality of all medical records.

R.I. Admin. Code 31-4-18:7.0: The Rhode Island Department of Health may suspend or revoke a hospital’s license due to their noncompliance with the hospital licensing regulations, including the regulations pertaining to the maintenance and confidentiality of medical records.

SDCL § 34-12-19: The South Dakota Department of Health may suspend the license of a hospital or related institution for violations of the Chapter 34-12 laws or related regulations. 

ARSD 44:04:09:04: Hospitals must establish polices and procedures regarding the maintenance of medical records. The policies and procedures must address, among other items, how to safeguard and protect the confidentiality of medical records. 

12 AAC 40.967: Physicians engage in "unprofessional conduct" when they deviate from professional standards including through the negligent or intentional release of patient information and the failure to properly maintain patient records. 

AS § 08.64.326: Physicians who engage in "unprofessional conduct" will be disciplined. 

C.R.S.A. § 12-36-117: Colorado defines "unprofessional conduct" as including, among other things, the failure to practice medicine within the appropriate standard of care, including the appropriate creation and maintenance of medical records.

C.R.S.A. § 12-36-140:  Licensed Colorado physicians and physician assistants must establish “a written plan to ensure the security of patient medical records.” 

16 Del. C. § 1009A: A patient's confidentiality shall not be violated.

24 Del. C. § 1731: Physicians may be disciplined for "unprofessional conduct," including, among other things, the willful violation of a patient's confidentiality. 

24 DE ADC § 1700-8.0: The "intentional release of confidential [patient] information" without a patient's consent is considered to be "dishonorable or unethical conduct" by the state of Delaware and may result in the discipline of a physician. 

FL ST § 456.072: Health professionals, including physicians, face discipline for violating statutes and regulations that govern their professional practice. 

FL ST § 458.331: Licensed physicians that violate Chapter 458 (regarding medical practice), Chapter 456 (regarding health professions and occupations) or related regulations face the denial of their license or other disciplinary sanctions. 

HRS § 453-8: The Hawaii Medical Board may revoke, limit or suspend a physician's license for practicing in violation of the ethical standards endorsed by the Hawaii Medical Association.

HRS § 453-8.2: Description of the means in which the Hawaii Medical Board may discipline liscensed physicians.

IL ST CH 225 § 60/22: The Department Financial and Professional Regulation may suspend or revoke the license of a physician that among other items, engages in unprofessional, unethical, or dishonorable conduct or violates the Medical Practice Act or related regulations. 

I.C.A. § 147.55: Iowa authorizes the discipline of licensed health care providers that act unethically or violate applicable laws and regulations. 

Iowa Admin. Code 653-13.7: Confidentiality of patient information and maintenance of medical records by a physician are ensured.

Iowa Admin. Code 653-23.1: Iowa establishes numerous grounds for physician discipline including, but not limited to, the “improper management of medical records.” 

KRS § 311.595: The Kentucky Board of Medical Licensure may suspend or revoke the license of a physician for, among other grounds, “willfully violat[ing] a confidential communication.” 

KRS § 311.597: Kentucky defines “dishonorable, unethical, or unprofessional conduct” as including, among other items, the failure to maintain current medical records.

Neb. Admin. R. & Regs. Tit. 172, Ch. 88, § 013: Nevada defines a physician’s unprofessional conduct as including, among other items, a failure to conform to the American Medical Association’s Code of Medical Ethics, violating a patient’s confidentiality, and “failure to keep and maintain adequate records of treatment or service.” 

N.H. Rev. Stat. § 329:17: Physicians that fail to maintain adequate medical records or violate any provision of RSA 332-I, including provisions regarding the confidentiality of medical records, face suspension or revocation of their license. 

V.T.C.A., Occupations Code § 164.053: Texas defines “unprofessional or dishonorable conduct” by physicians as including, among other acts, the failure to keep drug and controlled substance records. 

Tex. Admin. Code tit. 22, § 165.1: Physicians must ensure that their chosen method of destroying medical records maintains patient confidentiality.