Washington’s My Health My Data Act (MHMD Act) regulates businesses and service providers that process or collect consumer health data (see https://www.upguard.com/blog/protected-health-information-phi) from state residents. Examples of businesses that may be required to comply with the MHMD Act include those that manufacture fitness tracking equipment, manage fitness centers, or indirectly collect consumer health data.
The MHMD Act applies to any entity that conducts business in Washington, targets resident consumers throughout Washington state, or makes decisions concerning the processing of health data of state residents.
The MHMD Act requires applicable businesses to comply with the following regulations:
- Maintain an accurate and informative consumer privacy policy
- Request and receive consumer consent before collecting or sharing consumer health data
- Request and receive valid authorization before selling consumer health data
- Implement access controls to restrict data access to necessary parties
- Prohibit geofencing at all times
- Draft and enforce a data processing contract for each processor that controls, manages, or edits collected data
- Promptly respond to data access, correction, or deletion requests
Entities regulated by the MHMD Act must receive consumer consent before collecting or sharing consumer health data.