My Health My Data Act

A new chapter in Washington state’s regulation of health data went into effect April 1, 2024.

The regulation was deemed necessary because of advances in technologies that collect health data for market targeting, and because of how portable the collection and sharing of that data have become. Most health-related commercial data collection does not meet the criteria of the Health Insurance Portability and Accountability Act (HIPAA), and health-related data is now being managed through devices, apps, and online services more than ever.

The My Health My Data Act protects consumers from casual collection and use of their health information without their knowledge and consent. The law will require companies to focus on and strengthen data security, driven by policy, and to acknowledge this by posting a detailed consumer health data privacy policy on their website.

Consumer health data is personal information linked or reasonably linkable to a consumer, identifying their past, present, or future physical or mental health status.

Senior Living care communities not currently subject to HIPAA, such as independent living or private pay assisted living, which receive or obtain information from residents through wellness programs or information about pre-existing conditions, health status, or medications may be subject to this regulation.

The My Health My Data Act also requires covered entities to obtain opt-in consent before sharing or processing any health data. It further restricts downstream use of health data by requiring companies to develop and execute specific responsibility contracts with third parties. Geofencing is referenced as a tool used in marketing to identify potential consumers based on proximity. The Act limits the use of this information-collecting tool within 2000 feet of an entity providing in-person healthcare service if it is used to identify and track consumers or to send notifications or advertisements related to health data.

What are the first steps?

  • Familiarize yourself with My Health My Data Act.
  • Determine if this new regulation applies to your business model.
  • Complete an internal risk evaluation to identify what data is collected, how it is collected, how it is protected, and how it is used.
  • Plan for compliance requirements:
    • Review existing data processing agreements with business partners
    • Create a new privacy policy including data access, consent to collect, and right to delete
    • Plan your notification process for website inclusion

Your resources are:
