By Aaron J.Burstein & Alysa Z. Hutnik, Kelley Drye
On April 27, 2023, Governor Jay Inslee signed into law the My Health My Data Act (MHMD), which will become effective on March 31, 2024. While the 2023 state legislative season may see the addition of four comprehensive privacy laws (Iowa, Indiana, Montana, and Tennessee), Washington’s State’s My Health My Data bill (HB 1155) could have the most far-reaching impact on businesses.
Although limited to “consumer health data,” MHMD’s actual scope is much broader than many might anticipate based on the title of the law. It imposes stringent notice, consent, and HIPAA-style authorizations to the collection, sharing, and sale of “consumer health data,” a term that captures a potentially vast array of data. MHMD also creates a private right of action, allowing consumers to bring claims under Washington’s Consumer Protection Act, in addition to authorizing enforcement by the state attorney general.
MHMD also fits a broader trend toward intense scrutiny of health information practices under state privacy laws, through FTC enforcement actions, and in private class actions.
This post takes a look at some of the key requirements and open questions under MHMD, and offers a few tips to help stay ahead of increasingly strict health privacy regulations.
MHMD’s Broad Scope
- “Consumers” and “Consumer Health Data.” “Consumers” under MHMD are Washington residents “in an individual or household context.” MHMD expressly excludes individuals in an employment context (but not expressly in a business-to-business context).
Significantly, the definition of “consumer” also includes “a natural person whose consumer health data is collected in Washington.” “Collection,” in turn, includes inferring, deriving, buying, acquiring, “or otherwise process[ing]” consumer health data. Similar to the CCPA, GDPR, and other privacy laws, MHMD defines “processing” to include “any operation or set of operations performed on consumer health data.” This provision makes the definitions of “consumer” and “consumer health data” circular, and it raises the question of whether MHMD applies to health data about individuals who reside outside of Washington. The final Senate report summarizes member comments suggesting that the intent of this definition is to cover non-residents who travel to Washington to obtain health care. The MHMD text, however, is not clearly limited to this circumstance.
Featured News
EU Extends Support for Farms and Fisheries Amid Market Disruptions
May 5, 2024 by
CPI
Sony and Apollo Bid $26 Billion for Paramount Acquisition
May 5, 2024 by
CPI
Goldman Sachs Resolves Decade-Old Metal-Rigging Class Action Lawsuit
May 5, 2024 by
CPI
Italian Antitrust Ruling Puts Halt on Intesa Sanpaolo’s Fintech Ambitions
May 5, 2024 by
CPI
Google Antitrust Case: Closing Arguments Conclude
May 5, 2024 by
CPI
Antitrust Mix by CPI
Antitrust Chronicle® – Economics of Criminal Antitrust
Apr 19, 2024 by
CPI
Navigating Economic Expert Work in Criminal Antitrust Litigation
Apr 19, 2024 by
CPI
The Increased Importance of Economics in Cartel Cases
Apr 19, 2024 by
CPI
A Law and Economics Analysis of the Antitrust Treatment of Physician Collective Price Agreements
Apr 19, 2024 by
CPI
Information Exchange In Criminal Antitrust Cases: How Economic Testimony Can Tip The Scales
Apr 19, 2024 by
CPI