David P. Saunders, Alya Sulaiman, Sam Siegfried, and Austin Mooney of McDermott Will & Emery write:
Washington State’s My Health My Data Act (the Act), which is working its way through the reconciliation process after the Washington Senate and House passed different versions of the Act, is ultimately expected to be signed into law by Governor Jay Inslee this year. This privacy law differs from other recent state privacy legislation in that it is singularly focused on non-Health Insurance Portability and Accountability Act (HIPAA)-regulated consumer health data. Moreover, the bill contains provisions applicable to processors and even third parties who may come into contact with a broadly defined set of “consumer health data,” not just those companies operating healthcare-adjacent businesses. The Act could have a significant impact on advertisers, mobile app providers, wearable device manufacturers and, of course, healthcare companies and their data processors handling non-HIPAA-regulated health information. Below, we examine several key aspects of the Act that are similar in both the House and Senate versions of the bill.
Read more for their more in-depth analysis at MWE.com.