Washington’s My Health My Data Act – A Roadmap for Compliance

By: Jennifer Yoo , Sari Heller Ratican , Ana Razmazma , Jefferson Lin , Brent Tuttle , Alyona Eidinger

What You Need To Know

  • Introducing a new tool to check whether Washington’s My Health My Data Act applies to you!
  • The act creates a host of new requirements for companies that deal in consumer health data—particularly around disclosure, use, sale, and consumer access.
  • It designates certain subject companies as “regulated entities” who must comply by March 31 and other companies as “small business” who must comply by June 30.
  • Unlike most U.S. state privacy laws, violations can be enforced through a private right of action, but plaintiffs must prove damages. That can be tough, but plaintiffs’ attorneys may nonetheless try and extract low-value settlements from companies that have obvious compliance issues.
  • The law also empowers the Washington attorney general to bring enforcement actions against noncompliant companies.

What is the new Washington My Health My Data Act (MHMDA)?

MHMDA aims to provide stronger privacy protections for “consumer health data” by:

  • Requiring additional disclosures for the collection, use, and sharing of consumer health data
  • Restricting the use of consumer health data to what is necessary to provide a consumer requested service unless the consumer provides their consent or a written authorization for additional processing
  • Giving consumers the right to access and delete their consumer health data and withdraw their consent for collection and sharing
  • Prohibiting the sale of consumer health data without a valid authorization signed by the consumer
  • Prohibiting certain uses of a geofence around a facility that provides health care services

Continue reading here.


Don’t have an account yet?