Washington Passes Law Requiring Consent Before Companies Collect Health Data

Yesterday, Washington Governor Jay Inslee signed the My Health, My Data bill into law, requiring companies to receive a user's explicit consent before they can collect, share, or sell their health data. When the law comes into effect in March 2024, users will have the right to withdraw consent at any time and have their data deleted. The Verge reports: The law should help shield users' health data from the companies and organizations not included under the HIPAA Privacy Rule, which prevents certain medical providers from disclosing "individually identifiable" health information without consent. The HIPAA Privacy Rule doesn't cover many of the health apps and sites that collect medical data, allowing them to freely collect and sell this information to advertisers. Under Washington's new law, which comes into effect in March 2024, medical apps and sites must ask a user for permission to collect their health data in a nondeceptive manner that "openly communicates a consumer's freely given, informed, opt-in, voluntary, specific, and unambiguous written consent." The site and apps must also disclose what kind of data they plan to collect and if they plan to sell it. Additionally, the bill will block medical providers from using geofencing to collect location information about the patients that visit the facility.

Read more of this story at Slashdot.