Washington State Passes My Health, My Data Act to Safeguard Health Data Privacy
The My Health, My Data Act gives Washingtonians the right to request data deletion, restricts geo-fencing around healthcare facilities, and forbids the collection of health data without consent.
Source: Getty Images
By Jill McKeon
- Washington state Governor Jay Inslee signed the My Health My Data Act (House Bill 1155) into law, bolstering health data protections for Washington residents.
The act aims to modernize the state’s consumer protection framework by giving individuals to right to withdraw consent, request data deletion, and prohibiting the collection and sharing of health data without consent.
“Information related to an individual's health conditions or attempts to obtain health care services is among the most personal and sensitive categories of data collected. Washingtonians expect that their health data is protected under laws like the health information portability and accountability act (HIPAA). However, HIPAA only covers health data collected by specific health care entities, including most health care providers,” the act’s text states.
“Health data collected by noncovered entities, including certain apps and websites, are not afforded the same protections. This act works to close the gap between consumer knowledge and industry practice by providing stronger privacy protections for all Washington consumers' health data.”
In addition to requiring explicit consent to share health data for Washington residents, the My Health, My Data Act aims to protect the data of individuals who travel to Washington to seek gender-affirming and reproductive care. Additionally, the act restricts geo-fencing around healthcare facilities.
“Without a federal policy, this is where we are and the first in the nation bill we need,” said Representative Vandana Slatter, who introduced the bill.
“I’m grateful to my colleagues and the attorney general for choosing to rise to the occasion in protecting people’s right to privacy, personal agency and safe medical care.”
Under the My Health, My Data Act, the Attorney General’s Office will have the ability to investigate violations and pursue legal actions. The Act also provides Washington residents with the ability to file civil lawsuits via a private right of action.
“This law provides Washingtonians control over their personal health data,” Washington Attorney General Bob Ferguson said. “Washingtonians deserve the right to decide who shares and sells their health data, and the freedom to demand that corporations delete their sensitive health data — and will now have these protections.”
