Understanding Washington State’s “My Health My Data Act”

The “My Health My Data Act” could have serious legal implications for your business—even if you’re not in healthcare.

As trusted data privacy and cybersecurity attorneys in Seattle, we’ve helped numerous clients safeguard their digital assets and ensure legal compliance. Ready to protect your business’s future? Getting started is as easy as signing up for a free case consultation.


In an increasingly digital world, data privacy and cybersecurity will only become more important.


As new data laws continue to emerge, you’ll need to ensure your organization stays up-to-date on important rules and regulations. Failing to do so doesn’t just expose you to data leaks and hacks—it also makes you vulnerable to legal action. Both of these can put your organization in serious jeopardy.


If you are a healthcare professional or work in an industry that handles medical data in Washington State, you need to know about a new law that’s about to go into effect. It’s called the My Health My Data Act (MHMDA), and it has major implications for you and your organization. It’s the newest in a series of data privacy regulations that make legal compliance increasingly difficult for small businesses and organizations.


If you’re unsure about how this new law might affect you, it’s important that you find out—and fast. The easiest way to get up to speed is by working with an experienced data privacy and cybersecurity attorney in Washington State. Luckily, you don’t have to look too far.


As a top-tier, boutique law firm in Seattle, By Design Law has the resources and expertise to meet all of your legal needs as they pertain to business law, data protection, IP and more. This article will explain everything you need to know about the MHMDA, compliance requirements, potential penalties and more.


Need legal help now? Don’t wait until you’re in too deep to ask for help. Whether you need legal services pertaining to business law, data protection and cybersecurity, intellectual property or consumer issues, we’re here for you. Fill out our online intake form to get started.


Understanding the My Health My Data Act

The digitization of health data in the U.S. was an inevitable outgrowth of technological advancement, and while the ability to share data between multiple providers and entities offers benefits, anything stored online is vulnerable to data leaks and hacks. The MHMDA is one of the many laws aimed at protecting individuals’ most personal data.


The MHMDA is “the first privacy-focused law in the country to protect personal health data that falls outside the ambit of the Health Insurance Portability and Accountability Act, or HIPAA,” according to the Washington State Office of the Attorney General. It was signed into law on April 27, 2023, by Governor Jay Inslee to increase protections for individuals’ health data and prevent regulated entities from sharing it without permission or necessity.


Expanding on protections outlined in HIPAA, the MHMDA requires entities to obtain additional disclosures and consumer consent in order to collect and share information. It also gives consumers the right to have their health data deleted, prevents entities from selling health data without permission and prohibits the use of geofences around healthcare facilities.


Who Does the MHMDA Apply to?

The MHMDA is far-reaching and applies to any legal entity that conducts business in Washington State or targets Washington consumers and deals in consumer health data. This includes any entity that collects, possesses, shares or sells private health data.


What Is Considered Health Data?

The MHMDA defines consumer health data as “personal information that is linked or reasonably linkable to a consumer and that identifies the consumer’s past, present, or future physical or mental health status.” It defines “physical or mental health status” to include the following:


  • A person’s health conditions, diseases and treatment


  • Health interventions, including social, psychological, behavioral and medical


  • Health procedures and surgeries


  • Purchase history of prescribed medications


  • Diagnostic testing and diagnoses


  • Reproductive health information


  • Gender-affirming care information


  • Biometric and genetic data


  • Location data that may indicate a consumer’s attempt to receive health services or health-related products


By using this broad definition, the MHMDA reaches many organizations you wouldn’t typically consider to be part of the healthcare industry. It’s also important to note that there is no minimum number of data subjects or amount of revenue required for a company to be subject to the MHMDA’s regulations, meaning that small businesses must also comply.

Ensuring Compliance with the MHMDA

The specific steps you will need to take in order to achieve and maintain compliance with the MHMDA depend largely on the nature of your organization. Although not a complete list, here are some of the most important actions you’ll likely need to take:


  • Create a policy that discloses the consumer health data that is collected and shared


  • Obtain consumer consent before collecting or sharing undisclosed information or data that is unnecessary to share


  • Delete consumer data within 45 days of being requested by the consumer


  • Establish and maintain reasonable cybersecurity measures


  • Eliminate geofences around facilities that provide in-person services


The deadline for regulated entities to comply with all non-geofencing-related MHMDA requirements is March 31, 2024. For small businesses, the deadline is June 30, 2024. The geofencing regulations are the only requirement already in effect, as of July 23, 2023.


By Design Law: Top-Tier Cybersecurity and Data Protection Attorneys in Washington State

For many small businesses and entities across Washington, establishing full compliance with the MHMDA imposes many operational burdens and may be difficult to achieve. The best thing you can do for the future of your organization is start preparing now.


Luckily, you don’t have to do it alone. The attorneys at By Design Law can help you navigate the complexities of the MHMDA and other data-related regulations. As the looming deadlines for compliance grow nearer, it may be difficult to get the quality legal assistance you need to stay above board, which is why you should contact us as soon as possible.


Fill out our online intake form to take advantage of a complimentary consultation today.

