Washington Attorney General Tightens Privacy Regulations: My Health My Data Act FAQ Updated

In a subtle yet impactful move, the Washington attorney general’s office quietly updated its My Health My Data (MHMD) Act guidance FAQ in January 2024. The amendment brings forth a significant requirement for regulated entities, mandating a separate and distinct link for the consumer health data privacy policy on their homepage. This development departs from the one-size-fits-all approach, compelling entities to create a specialized policy that addresses the MHMD Act’s privacy policy requirements.

Photo from: LinkedIn

Specialized Privacy Policies for Compliance

The updated FAQ underscores that regulated entities must now craft a consumer health data privacy policy that exclusively addresses the stipulations set forth by the MHMD Act. This means avoiding incorporating additional information beyond what the act mandates, preventing reliance on a general privacy policy encompassing various privacy laws.

With the consumer health data privacy policy mandated to have a separate and distinct link on the regulated entity’s homepage, consumers may face added complexity in navigating different privacy policies. This move aims to ensure compliance with the MHMD Act but could potentially contribute to consumer confusion as they navigate various privacy policies, statements, and disclosures.

To comply with the MHMD Act’s definition of “homepage,” regulated entities must not only feature the separate link on the introductory page but also on any webpage where personal health data is collected. This necessitates the widespread propagation of the link across website footers, further occupying limited real estate and intensifying the challenge of managing multiple links for consumers.

READ ALSO: 100 Days of Service: Baptist Health Celebrates a Century of Care in 2024

Addressing Consumer Confusion

Website operators now face increased demands on their website footer real estate. They are juggling separate links for general privacy policies, notices at collection, opt-out/do not sell links, and the newly required consumer health data privacy policy. This landscape adds a layer of complexity to online interactions, potentially hindering the seamless understanding of how regulated entities handle consumer data.

As the MHMD Act tightens regulations, the challenge for consumers to piece together different privacy policies, statements, and disclosures may grow. Regulated entities must navigate this landscape carefully to balance compliance with providing consumers with a clear understanding of how their data is processed.

READ ALSO: £399 Flow Headset Offers New Hope for Depression as Private Sales Skyrocket by 700%

Leave a Comment