Reklaim

Navigating the New Era of Health Data Privacy: A Closer Look at Recent Developments

Stay updated on the latest health data privacy laws, including explicit opt-in consent and Zero-Party Data. Learn about new regulations like the Washington My Health My Data Act, Nevada SB 370, and Connecticut SB 3. Discover how these changes impact businesses and the steps needed to ensure complian, Stay updated on the latest health data privacy laws, including explicit opt-in consent and Zero-Party Data. Learn about new regulations like the Washington My Health My Data Act, Nevada SB 370, and Connecticut SB 3. Discover how these changes impact businesses and the steps needed to ensure compliance and build consumer trust. Read more on Reklaim.

March 10, 2024

4 min read

In today's digital age, consumer personal data is more valuable than ever before, and its protection has become a paramount concern. With privacy regulations putting restrictions on targeting audiences based on Sensitive Personal Information(SPI) such as ethnicity and sexual orientation, the landscape is rapidly evolving. One significant type of data that demands attention is health data. Typically protected by HIPAA, health data now faces additional safeguards, especially with states requiring opt-in for Sensitive Personal Information (SPI), which can include specific health data. In addition to certain states requiring opt-in for sensitive personal data, some states are creating bills specifically for non-covered HIPAA health data or changing the definition of SPI to include health data. While most have heard about the "Washington My Health My Data Act" (MHMD), other states are passing bills, including Nevada and Connecticut.

Back in April, Washington State made a significant move in privacy law by approving the " Washington My Health My Data Act" (MHMD), marking it as one of the most pivotal developments in privacy law since the California Consumer Privacy Act (CCPA) was adopted in 2018. While this news may not have made headlines for everyone back then, it is now, with its effective date fast approaching.

Key Elements of MHMD:

Effective Dates: March 31, 2024, for regulated entities, and June 30, 2024, for small businesses.
Consent Requirements: Explicit opt-in consent for health data collection beyond product/service needs.
Data Subject Rights: Deletion rights and unique notice requirements.
Corporate Obligations: Health data privacy policy, consent for collection, and robust security measures.

One of the most significant features of the My Health, My Data initiative is that it grants individuals the right to take legal action to protect their privacy. This means that individuals have recourse if they believe their rights under the initiative have been violated, further emphasizing the importance of businesses complying with the new regulations.