Washington’s My Health My Data

Washington’s My Health My Data

A quick read of Washington’s My Health My Data

Backdrop: Enacted in reaction to the US Supreme Court’s decision overturning a federal right to abortion. Guarantees Washington residents some of the broadest health information privacy protections in the nation.

Tl;dr: The law prohibits covered entities from collecting or selling health data that can be tied to an individual without that person’s express consent.

When is it effective?

MHMD will take effect on March 31, 2024, although small businesses have until June 30, 2024, to comply. Restrictions related to geofencing take effect this year on July 23, 2023.

Covered Entity: Any legal entity that: (a) conducts business in Washington, or produces or provides products or services that are targeted to consumers in Washington;  and (b) alone or jointly with others, determines the purpose and means of collecting, processing, sharing, or selling of consumer health data.

Consumer Health Data: The core of the definition is that the consumer’s personal information must identify the consumer’s past, present or future physical or mental health status to be considered CHD.

What do you need to do to comply?

  • Notice
  • Consent
  • DPA
  • Security
  • Geofencing Restriction
  • Consumer Rights Mechanism
  • Authorization for Sale

Exemptions: This law doesn’t apply to PHI under HIPAA, Deidentified Data and Public Data.

Litigation Opinion: Lawsuits brought under the MHMD will be more challenging to litigate than actions brought under statutes like Illinois’ BIPA and California’s CIPA (Wiretap, Pen registers). This is because MHMD requires plaintiffs to prove they suffered an injury tied to their data being shared which is a higher threshold than under BIPA and CIPA.

More Health Laws: And it’s not just Washington, there’s also Nevada and CT Health Law.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back To Top