Broad New Washington Privacy Law Requires Immediate Compliance Action

The Dorsey Health Law blog team keeps readers up-to-date on relevant topics in the health care industry. In order to do so, the members of the blog team communicate regularly with other practice groups within the firm for applicable updates from client publications. For this post, we would like to thank Dorsey’s Ross D’Emanuele, Jamie Nafziger and Bianca Tillman for the following publication:

Companies may face class action lawsuits as early as July 2023 based on Washington’s new privacy law. Governor Jay Inslee recently signed House Bill 1155, the WA My Health, My Data Act (“MHMDA” or “the Act”), giving companies and non-profits a very short compliance window. MHMDA is part of “Washington State’s nation-leading effort to stem the attack on choice”1 in response to the Supreme Court’s 2022 decision in Dobbs that overturned Roe v. Wade. Lawmakers state that the new law was designed to “protect the independence and dignity of individuals when they make healthcare decisions”2 in the state of Washington by safeguarding the privacy of Consumer Health Data not previously covered by the Health Insurance Portability and Accountability Act (“HIPAA”). However, the MHMDA is much more comprehensive than it seems and covers more than health data. All companies, even those not traditionally associated with health or wellness, should assess whether they fall in scope of the MHMDA’s broad reach and if so, take immediate compliance steps.

Read more here.

Ross C. D'Emanuele

Ross works in the health care provider, payor, and drug and medical device segments of the health care industry. His areas of expertise include health care fraud and abuse, Stark and anti-kickback laws, HIPAA and other privacy and security laws, reimbursement rules and appeals, clinical trial agreements and regulation, FDA regulation, open payments and state "Sunshine Act" laws, accountable care organizations, value-based reimbursement, and telemedicine.