Overview
On March 31, key provisions of Washington’s My Health My Data Act (MHMDA) will go into effect. Affected businesses will be subject to a law that is quite broad in scope and has been touted as the first privacy-focused law in the country to protect personal health data that falls outside of HIPAA. In addition, MHMDA will be the second privacy law in the country (Illinois’ Biometric Information Privacy Act (BIPA) being the first) to provide for a private right of action related specifically to biometric data in addition to government enforcement. In this alert, we:
- Summarize key aspects of MHMDA, including who is covered, what covered entities must do to comply with the law, and how the law defines "consumer health data."
- Assess potential private litigation and regulatory enforcement risk alongside BIPA and within the larger context of growing federal and state scrutiny of companies’ collection and use of biometric data.