Meghan O’Connor and Kiana Baharloo Write Article for Privacy & Cybersecurity Law Report About My Health My Data Act
Quarles & Brady attorneys Meghan O’Connor and Kiana Baharloo authored an article for Pratt’s Privacy & Cybersecurity Law Report outlining the scope and implications of the My Health My Data (MHMD) Act enacted in the state of Washington this spring.
O’Connor is chair of the firm’s Health Information, Privacy & Security team and Baharloo is a member of the team. In the article, they cover a variety of issues related to MHMD, including what it means for businesses, its wide-ranging scope, its significant consent requirements and private right of action.
Given the broad definitions of “consumer health data” and “consumer” as well as the broad scope of entities that could fall under MHMD and the potential for privacy causes of action, MHMD is poised to change the landscape of collecting and processing consumer health data. It is too early to tell if this will create a new best practice, but MHMD will certainly reach a broad swath of companies and may become the next BIPA-like opportunity for extensive privacy-related litigation and enforcement.
To meet their MHMD obligations, stakeholders should:
- Restrict collection and sharing of consumer health data to limited purposes without consumer consent;
- Provide and respond to consumer rights regarding consumer health data;
- Implement access controls and information security safeguards;
- Put in place data processing agreements;
- Not engage in sale of consumer health data without authorization; and
- Not implement geofencing in specific circumstances.