Beyond the statutory text of the new Washington state My Health My Data Act, the Washington Attorney General has published Frequently Asked Questions (FAQs) and will update such FAQs periodically. Some of the FAQs provide insight into possible interpretations of the law’s provisions that are summarized below. For a broader overview of the My Health My Data Act, see here. 1. Businesses located outside of the state of Washington that only store data in Washington…
So far this year, three US states have passed laws with specific obligations related to consumer health privacy law: Washington, Connecticut, and Nevada. When it comes to California, the omnibus California Consumer Privacy Act (CCPA) applies also to the processing of health information. But, if the sectoral Confidentiality of Medical Information Act (CMIA) applies and is complied with, CMIA, and not the CCPA, applies. Most companies that do business in California are subject to CMIA,…
With the new Washington state My Health My Data Act, you may wonder if any exceptions or exemptions apply to your organization (for an overview of the law, see here). As a reminder, the definition of consumer health data is broad: “personal information that is linked or reasonably linkable to a consumer and that identifies the consumer’s past, present, or future physical or mental health status” (the definition includes as an enumerated example any information…
The Connecticut Data Privacy Act (CTDPA) is operative since July 1, 2023, and so are certain amendments that were signed into law as recently as June 26th, 2023. The amendments focus on protecting consumer health data and protecting minors, with additional consumer health data protections already operative but with some obligations related to minors becoming operative mid to late 2024. Additional Obligations for Processing Consumer Health Data As other omnibus US state privacy laws, the…
Washington state governor Jay Inslee signed the My Health, My Data Act (the Act) into law on April 27, 2023. Regulated entities are required to comply with most obligations from March 31, 2024 with small businesses being required to comply from June 30, 2024. Prohibitions on geofencing are operative already on July 23, 2023. The Act will be enforceable both by the Washington Attorney General’s Office and through a private right of action. Who is…
Legislative activity in the U.S. state of Washington continues this year with numerous bills being considered. Businesses that process health data should follow the process of House bill 1155 (the My Health, My Data Act), which has been amended once and was approved in the House Committee on Civil Rights & Judiciary hearing on February 3, 2023. Who and what data are protected? The My Health, My Data Act protects as “consumers” Washington residents and…
The UK’s Health Research Authority (HRA) has unveiled new guidance which signposts the three essential steps to access health and care data for research purposes. The guidance delves into a point that researchers often miss: the common law duty of confidentiality runs in parallel to data privacy laws, and each regime needs to be considered separately to ensure data access requests can stand up to regulatory scrutiny. Step 1: Scoping – What are the data…
How will pharma use health data for clinical trials in the future? The power of clinical trial tokenisation On 25 October 2022 leading researchers and executives from some of the world’s pioneering drug and pharmaceutical companies came together at a Financial Times Live Webinar event to discuss “The Power of Clinical Trial Tokenisation”. Tokenisation of healthcare data is likely to be one of the next great innovations for developing life-saving drugs and treatments through the…
Numerous data privacy and security laws govern the private sector’s collection and use of health data in the USA. These laws vary in scope and substance but some combination of them would probably apply to your company if, for example, it does any of the following in the country: Diagnoses or treats patients’ health conditions;Offers an app intended to promote the health or wellness of consumers;Provides health insurance or helps to process health insurance claims;Collects…
Synthetic datasets could change the way developers train AI models in healthcare. They have the potential to increase the size of training datasets for AI models, whilst protecting patient privacy, but is this really a solution or just hype? We’ve set out 7 things you need to know. 1. What is synthetic data? A synthetic dataset is an “artificial” dataset containing computer-generated data instead of real-word records. In the healthcare setting, the term “synthetic data” is…