Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Government Privacy Medicine

Washington Passes Law Requiring Consent Before Companies Collect Health Data (theverge.com) 13

Yesterday, Washington Governor Jay Inslee signed the My Health, My Data bill into law, requiring companies to receive a user's explicit consent before they can collect, share, or sell their health data. When the law comes into effect in March 2024, users will have the right to withdraw consent at any time and have their data deleted. The Verge reports: The law should help shield users' health data from the companies and organizations not included under the HIPAA Privacy Rule, which prevents certain medical providers from disclosing "individually identifiable" health information without consent. The HIPAA Privacy Rule doesn't cover many of the health apps and sites that collect medical data, allowing them to freely collect and sell this information to advertisers.

Under Washington's new law, which comes into effect in March 2024, medical apps and sites must ask a user for permission to collect their health data in a nondeceptive manner that "openly communicates a consumer's freely given, informed, opt-in, voluntary, specific, and unambiguous written consent." The site and apps must also disclose what kind of data they plan to collect and if they plan to sell it. Additionally, the bill will block medical providers from using geofencing to collect location information about the patients that visit the facility.

This discussion has been archived. No new comments can be posted.

Washington Passes Law Requiring Consent Before Companies Collect Health Data

Comments Filter:
  • well our data center locations are not in WA and we are an DE incorporation so we don't have to do any thing.

  • by kmoser ( 1469707 ) on Saturday April 29, 2023 @12:31AM (#63484854)

    users will have the right to withdraw consent at any time and have their data deleted.

    User: "I hereby withdraw my consent. Please delete my data."
    Company: "Data has been deleted. Pinky swear!"

  • Facebook will think twice before allowing smart pixels on a health website
  • by John.Banister ( 1291556 ) * on Saturday April 29, 2023 @05:26AM (#63485050) Homepage
    And if you forget to sign and give consent, someone brings back the form and says "you need to also sign here or we can't help you."
  • >"bill into law, requiring companies to receive a user's explicit consent before they can collect, share, or sell their health data"

    Utterly meaningless. You can't diagnose or treat without collecting information. And it will be "sign this or go away." And there will be no other place to go, because every single healthcare entity will have the same "sign this or go away" form.

    Sure, disclosure and permission is nice, but let's not pretend that this type of law will actually solve any problems. Granted,

    • by mspohr ( 589790 )

      I don't know if you are aware of this... but there is a thing call HIPAA and when you visit a doctor you have to sign a HIPAA agreement which allows them to collect your medical information (and has stringent restrictions on their use of that information beyond diagnosis and treatment).

  • I disagree however with the notion that my personal health data is any more sacred than financial, employment, friendships, location/travel, etc.

  • This sounds like a law to give the appearance of something being done about a perceived problem.

    I am so sick of signing the same HIPAA forms every time I go to the doctor. I'm so sick of clicking accept all cookies on websites that I visit. Please stop passing laws that make my life more complicated.

    If there is a problem, solve it. If there is no problem, leave it alone.

"I got everybody to pay up front...then I blew up their planet." "Now why didn't I think of that?" -- Post Bros. Comics

Working...