Guidance From The Sequoia Project on Computable Consent and Privacy

The Sequoia Project’s Privacy and Consent Work Group, co‑chaired by Kevin Day and Mel Sullies, is tackling the growing complexity of health‑data privacy. Their focus is on two pillars: computable consent—translating legal and patient‑specified permissions into machine‑readable rules—and data segmentation, which categorizes health information so that only authorized data is exchanged. The group highlights a stark divergence between federal interoperability goals and a patchwork of state privacy statutes. While the administration pushes for nationwide data flow, states are enacting granular protections for reproductive, behavioral, genetic, and other sensitive data, often with conflicting requirements. This creates overblocking, under‑sharing, and operational risk for organizations that must reconcile dozens of overlapping rules within legacy IT systems. Examples cited include a health system operating in California, Arizona, and Utah that must apply the most restrictive state law to all patients, preventing legitimate data exchange for Utah residents. The work group has already published a landscape‑review white paper and is preparing a guidance document that offers concrete technical standards for states to make their privacy laws enforceable in modern interoperable environments. The implications are significant: consistent, computable consent frameworks could unlock smoother data sharing, reduce legal risk, and restore patient trust. By uniting legal experts, technologists, operators, vendors, and patient advocates, the Sequoia Project aims to create a multistakeholder foundation that aligns policy with technology, paving the way for scalable, privacy‑preserving health information exchange.