On January 31, 2024, Cooley Attorneys Brooke Fritz and Andrew Epstein led a virtual presentation on Washington State's My Health, My Data (MHMD) Act. Below are the main highlights of the discussion.
Origin and purpose of the MHMD method: To close the gap between consumer knowledge and industry practices under federal protections for “health information,” and to advance the Washington State Legislature's “Protect Choice” agenda. In response, the state of Washington has enacted legislation aimed at increasing protection for consumers. Manage individual consumer health data.
Applicability: The MHMD Act protects Washington residents and other individuals whose consumer health data is collected or processed in Washington. If consumer health data were to flow through Washington, it would certainly be within that purview. The MHMD Act applies to legally defined “regulated entities” and “small businesses” in and outside of Washington, without the jurisdictional limitations typically found in consumer privacy laws in other U.S. states. will be done.
“Consumer health data” in a broad sense:The MHMD Act broadly defines “consumer health data” independent of diagnosis or treatment by a medical professional, and covers a wide range of health-related and health-related data. The MHMD Act also identifies certain adjacent information related to physical or mental health conditions, meaning that such information constitutes consumer health data.
Obligation to comply: The MHMD Act requires regulated entities to maintain separate consumer health data privacy policies and for consumer health data collection and sharing activities that are not necessary to provide the product or service the consumer requested. We require you to obtain opt-in consent and maintain reasonable information security measures. , more.
commercial impact: Regulated entities will need to analyze consumer health data flows and consider how they use consumer health data beyond providing requested products and services. Regulated entities will be required to maintain new or additional user consents, change the use of consumer health data for non-essential purposes, and enter into appropriate agreements with entities to which they disclose consumer health data. in some cases. Furthermore, regulated bodies must be able to respond to specific data subject requests.
Execution risk: Unlike many other U.S. state consumer privacy laws, the MHMD Act provides individuals, in addition to the Washington State Attorney General, with the right to bring individual or collective claims against noncompliant regulated entities. is recognized.
Watch the entire conversation on demand ›
[View source.]