What You Need To Know
- Introducing a new tool to check whether Washington's My Health My Data Act applies to you!
- The act creates a host of new requirements for companies that deal in consumer health data—particularly around disclosure, use, sale, and consumer access.
- It designates certain subject companies as "regulated entities" who must comply by March 31 and other companies as "small business" who must comply by June 30.
- Unlike most U.S. state privacy laws, violations can be enforced through a private right of action, but plaintiffs must prove damages. That can be tough, but plaintiffs' attorneys may nonetheless try and extract low-value settlements from companies that have obvious compliance issues.
- The law also empowers the Washington attorney general to bring enforcement actions against noncompliant companies.
What is the new Washington My Health My Data Act (MHMDA)?
MHMDA aims to provide stronger privacy protections for "consumer health data" by:
- Requiring additional disclosures for the collection, use, and sharing of consumer health data
- Restricting the use of consumer health data to what is necessary to provide a consumer requested service unless the consumer provides their consent or a written authorization for additional processing
- Giving consumers the right to access and delete their consumer health data and withdraw their consent for collection and sharing
- Prohibiting the sale of consumer health data without a valid authorization signed by the consumer
- Prohibiting certain uses of a geofence around a facility that provides health care services
Continue reading here.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.