Washington Passes Law Requiring Consent Before Companies Collect Health Data (theverge.com) 13
Yesterday, Washington Governor Jay Inslee signed the My Health, My Data bill into law, requiring companies to receive a user's explicit consent before they can collect, share, or sell their health data. When the law comes into effect in March 2024, users will have the right to withdraw consent at any time and have their data deleted. The Verge reports: The law should help shield users' health data from the companies and organizations not included under the HIPAA Privacy Rule, which prevents certain medical providers from disclosing "individually identifiable" health information without consent. The HIPAA Privacy Rule doesn't cover many of the health apps and sites that collect medical data, allowing them to freely collect and sell this information to advertisers.
Under Washington's new law, which comes into effect in March 2024, medical apps and sites must ask a user for permission to collect their health data in a nondeceptive manner that "openly communicates a consumer's freely given, informed, opt-in, voluntary, specific, and unambiguous written consent." The site and apps must also disclose what kind of data they plan to collect and if they plan to sell it. Additionally, the bill will block medical providers from using geofencing to collect location information about the patients that visit the facility.
Under Washington's new law, which comes into effect in March 2024, medical apps and sites must ask a user for permission to collect their health data in a nondeceptive manner that "openly communicates a consumer's freely given, informed, opt-in, voluntary, specific, and unambiguous written consent." The site and apps must also disclose what kind of data they plan to collect and if they plan to sell it. Additionally, the bill will block medical providers from using geofencing to collect location information about the patients that visit the facility.
well our data center locations are not in WA so we (Score:2)
well our data center locations are not in WA and we are an DE incorporation so we don't have to do any thing.
Re: (Score:1)
As a native of Washington, let me explain to you that Washington loves default judgments against people out of state.
Re:well our data center locations are not in WA so (Score:5, Informative)
Even if, in the end, they end up somewhat toothless. Facebook flagrantly and intentionally violates the law repeatedly and it costs them 0.1% of annual profits, for example:
https://www.seattletimes.com/s... [seattletimes.com]
Totally better than nothing, mind you, but only if you're a company that can't afford the default judgement.
Re: (Score:3)
Re: (Score:1)
Delete my data? Suuuuure (Score:4, Funny)
users will have the right to withdraw consent at any time and have their data deleted.
User: "I hereby withdraw my consent. Please delete my data."
Company: "Data has been deleted. Pinky swear!"
Maybe (Score:2)
Another signature line on the form (Score:3)
Meaningless (Score:2)
>"bill into law, requiring companies to receive a user's explicit consent before they can collect, share, or sell their health data"
Utterly meaningless. You can't diagnose or treat without collecting information. And it will be "sign this or go away." And there will be no other place to go, because every single healthcare entity will have the same "sign this or go away" form.
Sure, disclosure and permission is nice, but let's not pretend that this type of law will actually solve any problems. Granted,
Re: (Score:2)
I don't know if you are aware of this... but there is a thing call HIPAA and when you visit a doctor you have to sign a HIPAA agreement which allows them to collect your medical information (and has stringent restrictions on their use of that information beyond diagnosis and treatment).
A Great Start (Score:2)
I disagree however with the notion that my personal health data is any more sacred than financial, employment, friendships, location/travel, etc.
Will I have to click through more crap? (Score:2)
This sounds like a law to give the appearance of something being done about a perceived problem.
I am so sick of signing the same HIPAA forms every time I go to the doctor. I'm so sick of clicking accept all cookies on websites that I visit. Please stop passing laws that make my life more complicated.
If there is a problem, solve it. If there is no problem, leave it alone.