Skip to main content
NOPE
In Effect Law Data Protection

Puerto Rico Act 111-2005

Act 111-2005 on the Privacy of Medical Information

Puerto Rico's medical information privacy law with breach notification requirement 'as expeditiously as possible' - stricter than federal standards.

Jurisdiction

Puerto Rico

Enacted

Oct 25, 2005

Effective

Jan 1, 2006

Enforcement

Puerto Rico Department of Health

US territory - complementary to federal HIPAA

Puerto Rico OGP

Why It Matters

Puerto Rico's 'as expeditiously as possible' breach notification for medical info creates potentially stricter timeline than HIPAA for mental health chatbots processing Puerto Rican users' data.

At a Glance

Applies to

Mental Health App

Who Must Comply

  • Healthcare providers in Puerto Rico
  • Entities processing medical information
  • Mental health service providers

Obligations fall on:

Safety Provisions

  • Medical information privacy protections
  • Breach notification 'as expeditiously as possible'
  • Patient consent requirements
  • Security safeguards for medical data

Compliance & Enforcement

Penalties

Civil penalties for violations

View on map

Puerto Rico

Focus Areas

Mental health & crisis

Cite This

APA

Puerto Rico. (2005). Act 111-2005 on the Privacy of Medical Information.

Related Regulations

In Effect PR

Puerto Rico Cybersecurity Act

Puerto Rico's comprehensive cybersecurity law establishing cybersecurity framework for public and private sectors, complementing Act 111-2005 breach notification.

In Effect CARICOM

CARICOM CCSCAP 2025

CARICOM's 2025 regional cyber security framework establishing digital safety culture and coordinated incident response across 18 member states.

In Effect CL

Chile Cybersecurity Law

First cybersecurity framework law in Latin America (Law 21,663 promulgated Mar 26, 2024; published Apr 8, 2024). Creates National Cybersecurity Agency (ANCI), mandatory incident reporting, and encryption rights.

In Effect AR

Argentina AI Strategy

Non-binding AI governance guidelines establishing principles for responsible AI use. Argentina positioning as AI innovation hub with limited regulatory barriers. Emphasizes transparency, accountability, and human oversight. Multiple legislative proposals pending inspired by EU AI Act, aiming to establish formal regulatory authority.

Failed CA

AIDA

Would have regulated high-impact AI systems with potential penalties up to $25M or 5% global revenue. Part of Bill C-27 which died when Parliament ended.

In Effect PE

Peru AI Regulations

Peru's first comprehensive AI regulatory framework, inspired by EU AI Act. Establishes three-tier risk-based approach: prohibited uses, high-risk systems (including healthcare), and low-risk/acceptable AI. First general AI regulation in Latin America. Requires human oversight, transparency, and risk assessments for high-risk AI including healthcare applications.

All regulations Check if this applies to you

Last updated January 18, 2026. Verify against primary sources before relying on this information.