Across the United States, the question of patient privacy and security issues continue to present challenges for states as they seek to implement patient Health Information Exchange (HIE) and Health Information Technology (HIT) programs. While the Federal government has provided an overarching framework to ensure this privacy and security, each state across country is realizing mixed results as it seeks to bring its respective privacy and security laws in line with the HIPAA requirements. This paper examines and analyzes the variation in Health Information Technology Privacy & Security Laws, the role of the government in ensuring that these laws are enforced, the challenges or barriers organizations face and the recommendations to implement changes so adoption of  HIT is more readily. The ideas discussed in this paper will contribute the growing literature in this area. Even though the implementation and adoption of Health Information Technology (HIT) is slower in the healthcare industry compared to other industries, guidelines on a state and federal level that are in place must be adhered to ensure patient privacy and security of these vital information. However, HIT Privacy and Security challenges are encountered on a Federal and also on a State level but nevertheless organizations have to find ways to embrace these challenges and construct recommendations to remain in compliances with the law. The Health Administration Informaticists (HAI) in any organization is in a leadership capacity to provide guidance and educate those organizations so they are able to maintain compliance with these guidelines. In this paper, we will examine a number of key topics that are related to patient information privacy and security. These topics will include but will not be limited to HIPAA regulations, patient information privacy and security laws, the impact on HAI practice in the future, and challenges associated with “blending” or integrating the cognizant patient privacy and security laws of some regional states as they seek to create Regional Health Information Organizations (RHIO). The paper will also seek to examine some of the challenges associated with reconciling these privacy and security laws with those guidelines set forth under HIPAA. Finally, some recommendations will be provided as a way that will enable the various states and RHIO’s to reconcile their respective patient privacy and security laws with those guidelines that promulgated under HIPAA.