Data Privacy 2024 Outlook: The Non-HIPAA Regulation of Health Data
Lexology December 8, 2023
Main Takeaway (i.e., TLDR):
If you do business in Washington, collect or process consumer health information, and such information is not HIPAA-regulated PHI, the Washington My Health My Data Act may apply to you. In particular, retail businesses, as well as health and fitness apps, wearables, or IoT developers, should pay attention to this law. It comes into effect for most businesses on March 31, 2024 (for “small businesses,” as defined by the MHMDA, on June 30, 2024) and provides for a private right of action (meaning, it is expected to draw class action litigation claims from plaintiffs’ attorneys). Contact us (or continue reading below) to learn more about this law and its requirements.
Background
In 2021, the Federal Trade...