Most commercial collection of medical data falls outside the scope of sector-specific laws like HIPAA, which governs the use of protected health information only in the context of a patient-provider relationship. Specifically, HIPAA protects health-related information only when it is created or received by a Covered Entity (health plans, health care clearinghouses, and providers that conduct certain transactions electronically) or by a business associate acting on a Covered Entity's behalf. HIPAA does not cover health information held in employment records, and health information created, accessed, or maintained by social media, digital health, and technology companies likewise falls outside the purview of HIPAA-governed transactions.
Recently enacted federal regulation on Electronic Health Information (EHI) export ensures that patients can request their data in electronic format from healthcare providers, but it provides no privacy protections. Congress has not yet passed a comprehensive federal privacy bill, so it is up to the states to fill the regulatory gaps.
At the same time as the federal EHI regulation took effect at the end of March 2024, several state health data privacy laws came into effect in the US. Washington State passed landmark legislation under the memorable title My Health, My Data Act (MHMD). Two additional states, Nevada and Connecticut, have also passed health data privacy acts as part of a gathering consensus that consumers should have comprehensive privacy safeguards for sensitive health data. These laws clarify the definitions of two major concepts: covered entities and consumer health data (CHD), which is increasingly stored in electronic format (EHI). The EHI legislation is very practical because it enables a patient to request a comprehensive electronic medical record file from healthcare providers, and it dovetails with the state privacy laws.
State laws like MHMD provide much stronger and broader protections than HIPAA does. Although only three states have enshrined this increased protection into law, the legislation will have a major impact across the entire US by forcing the industry to meet the higher standard for CHD privacy. Because a company that keeps sharing data on a patient who moves into one of these states could face legal jeopardy there, the more stringent laws in a few states shape industry practice in the US overall.
Basic industry information on HIPAA and the FTC regulations is linked from the image below.