New protection against the unauthorized and harmful use of personal health data

Published: 
Tuesday, June 6, 2023
A photo of some of the reproductive rights and privacy advocates that worked on passing Washington My Health, My Data
The ACLU-WA is celebrating the recent passage of ESHB 1155, the Washington My Health, My Data Act. The ACLU-WA worked tirelessly with partners to pass this critical piece of legislation, knowing that no one should have their personal health information collected and shared without their permission or knowledge.

The fall of Roe has had devastating and far-reaching impacts as states across the country ban and criminalize abortion. Forced pregnancy violates our rights to privacy and bodily autonomy and causes wide-ranging harm. Restrictions to reproductive care have been found to be a risk factor for suicide; individuals who are unable to get an abortion are more likely to stay with a violent partner; and studies show that states that restrict abortion have higher maternal mortality rates. The harms associated with banning abortion also fall disproportionately on people who already face systemic barriers to care — communities of color, LGBTQIA2S+ communities, undocumented immigrants, young people, those living in rural communities, people with disabilities, and people with low incomes.
 
Now, more than ever, states like Washington that protect access to abortion and gender affirming care play an essential role in providing care to people from states that criminalize care and jeopardize access to needed health care services. The Washington My Health, My Data Act is critical to this work.

While many people think that the federal Health Information Portability and Accountability Act (HIPAA) protects all their private health data, HIPAA only covers data collected by specific health care entities. Health data collected by crisis pregnancy centers, websites and apps, among others, is not protected by HIPAA. As a result, our health data is left vulnerable to be abused by anti-LGBTQIA2S+ groups and anti-abortion organizations (including crisis pregnancy centers), used in out-of-state criminal prosecutions, or employed by anti-abortion interests to target people with harmful advertising. There has been significant reporting on the harmful use of health care data: a data broker selling the location data of people who visited abortion clinics — including more than 600 Planned Parenthoods, cell phone and social media app data being used in abortion-related prosecutions, and a dating app sharing users’ HIV status with third parties.  

The Washington My Health, My Data Act protects against the unauthorized and harmful use of personal health data and ensures that violations of the Act are a violation of the Consumer Protection Act. The Act:
  • Prevents apps, websites, and other entities from selling and sharing people’s health data, without their opt-in consent or authorization;
  • Requires entities that collect people’s personal health data maintain and publish a privacy policy for consumers’ health data;
  • Guarantees Washingtonians the right to withdraw their consent and have their data be deleted; and
  • Restricts geofencing for the purposes of obtaining personal health information.
We all need to be able to access health care without the added barrier of fearing for our safety and our privacy.  In a post-Roe world, providing privacy protections is a crucial step to safeguarding health care access.

<-Back to Washington in Action Spring 2023 Newsletter - Table of Contents