Meghan O’Connor and Kiana Baharloo Write Article About Washington’s My Health My Data Act Published in Lexis Practical Guidance
An article written by Quarles & Brady attorneys Meghan O’Connor and Kiana Baharloo about the significance of the My Health My Data (MHMD) Act enacted in the state of Washington earlier this year has been published in the Data Security & Privacy practice area of Lexis Practical Guidance.
O’Connor, chair of the firm’s Health Information, Privacy & Security team, and Baharloo, a member of the team, cover a range of issues in the article, including what it means for businesses, its wide-ranging scope, its significant consent requirements and private right of action.
An excerpt:
Given the broad definitions of "consumer health data" and "consumer" as well as the broad scope of entities that could fall under MHMD and the potential for privacy causes of action, MHMD is poised to change the landscape of collecting and processing consumer health data. It is too early to tell if this will create a new best practice, but MHMD will certainly reach a broad swath of companies and may become the next BIPA-like opportunity for extensive privacy-related litigation and enforcement.
To meet their MHMD obligations, stakeholders should:
- Maintain a consumer health data privacy policy;
- Restrict collection and sharing of consumer health data to limited purposes without consumer consent;
- Provide and respond to consumer rights regarding consumer health data;
- Implement access controls and information security safeguards;
- Put in place data processing agreements;
- Not engage in sale of consumer health data without authorization; and
- Not implement geofencing in specific circumstances.