"My Health, My Data, Everyone's Headache," Davis Wright Tremaine Webinar
Washington's new My Health My Data Act (MHMD) purports to be a health data privacy act, but its reach extends far beyond what people ordinarily think of as health data. Due to expansive definitions of consumer health data, consumers, and regulated entities, virtually any identifying personal data related to someone's physical or mental status may be regulated, such as online searches for diet tips and exercise equipment or social media posts complaining about feelings of gloom due to too much Seattle rain. Processing of this data is now subject to burdensome restrictions.
Protected consumers under MHMD include not only Washington residents but anyone whose health data is collected, stored, analyzed, or otherwise processed in Washington, apparently expanding coverage to people all over the globe who have no obvious connection to Washington and whose data is only remotely related to health. These consumers will have powerful rights to control their data as well as a private right of action to bring damages claims.
Like most other state privacy laws, MHMD does not apply to consumer data in an employment or business context and excludes some data covered by other laws such as HIPAA. Beyond those carve outs, its application is expansive.
This webinar is an overview of MHMD followed by a panel discussion as we explore the immense scope and impact of MHMD:
- What businesses and industries will be surprised to learn that they are subject to MHMD?
- What commonplace data processing activities are now regulated by MHMD, even if they have no apparent connection with health?
- What practical approaches can regulated entities take to comply at a reasonable cost while minimizing business impact?
- Does the prohibition on geofencing have unexpected impacts?
- Does MHMD effectively make Washington the eighth state with a comprehensive privacy law?