Top Considerations for Complying With My Health My Data ActAttorney James Hennessy of Reed Smith on Washington State's MHMD Act
It's time for companies dealing with non-HIPAA-regulated health information to plan their compliance with Washington state's My Health My Data Act, which goes into effect in the new year and affects organizations that are based in other states, said attorney James Hennessy of law firm Reed Smith.
The MHMD Act, which goes into effect for larger entities on March 31, 2024, and smaller entities on June 30, 2024, addresses the collection, sharing and selling of consumer health data that is not covered by HIPAA regulations.
"This is really going to impact those nontraditional digital health-type businesses - maybe wearable device manufacturers, wellness industry companies, mobile apps, companies that are engaged in advertising in this space - and maybe haven't thought about compliance with laws like this," Hennessy said.
That includes a broad range of consumer health data, he said. "It's any personal information that is linked or reasonably linkable to a consumer and identifies the consumer's past, present or future physical or mental health status," he said.
"It doesn't mean just collected data. It means bought, rented, received, inferred, derived information. So if you're in any way dealing with this type of information, and you're in any way touching Washington, you should definitely consider whether or not this applies to you."
In the audio interview (see link below photo), Hennessy also discusses:
- Distinct features of the MDMH law compared with the privacy law of other states, as well as federal HIPAA and Federal Trade Commission regulations;
- Other important considerations concerning complying with the MHMD Act;
- Additional legal and regulatory issues involving health data privacy to keep an eye on in the months ahead.
Hennessy is a partner in the Reed Smith Life Sciences Health Industry Group. He advises healthcare and life sciences companies on various federal and state regulatory matters, as well as compliance issues related to the privacy and security of protected patient and consumer information, including the Health Insurance Portability and Accountability Act, the California Consumer Privacy Act and California's Confidentiality of Medical Information Act.