As the benefits of electronic health information exchange may be found available in emergency procedure, disasters prevention, treatment improvement, medical errors and duplication abatement, tracking for protection, and safety enhancement, many countries make efforts in establishing and advancing national electronic health information exchange system. Like other electronic systems, it holds sensitive personal information which should be protected by rigorous electronic safeguards, and by detailed procedures as well as practices that employees and others with access are required to follow. However, even the most diligently protected electronic system is subject to the risk of a privacy breach. Legal protection and actions to the health information privacy consequently become more and more critical to a country developing the exchange system. In order to have a thorough scenario of the legal framework of the system, this article will introduce the health information privacy law in US and Canada, expecting to provide a reference for legislators in consideration of enacting the regulations in the near future.