Washington My Health My Data Act (MHMDA)
Washington's MHMDA provides the strongest protections in the US for health and biometric data, requiring explicit consent for collection and processing.
Your MHMDA Rights
Right to Delete
Request deletion of consumer health data, with limited exceptions for essential business functions
Right to Access
Confirm processing and obtain copies of your consumer health data in a portable format
Right to Withdraw Consent
Withdraw consent for collection or sharing of consumer health data at any time
Consent Required
Explicit consent required before any collection, use, or sharing of consumer health data
What is Consumer Health Data?
MHMDA Covers Broad Health Information
Consumer health data includes:
- Personal health information: Medical records, diagnoses, treatments, prescriptions
- Biometric data: Fingerprints, voiceprints, iris scans, genetic information
- Precise geolocation: Within 1,750 feet of healthcare facilities
- Inferred health data: Data used to identify health conditions or treatments
- Gender-affirming care: Data related to reproductive health and gender transitions
- Mental health data: Therapy records, psychiatric evaluations, behavioral health
MHMDA Business Requirements
Explicit Consent Required
Must obtain clear, affirmative consent before collecting any consumer health data
45-Day Response
Must respond to consumer requests within 45 days of authentication
No Sale Prohibition
Cannot sell consumer health data without valid authorization
Breach Notification
Must notify consumers of unauthorized access within 30 days of discovery
Who Must Comply with MHMDA
Regulated Entities
Any person conducting business in Washington that collects consumer health data
Small Business Exemption
Entities with less than $25 million annual revenue are exempt from most requirements
HIPAA Entities Exempt
Covered entities under HIPAA are generally exempt from MHMDA requirements
Includes Apps & Websites
Fitness apps, period trackers, mental health apps, and health websites are covered
MHMDA Enforcement & Penalties
Strong Enforcement
Washington Attorney General has broad enforcement authority with significant penalties
Private Right of Action
Consumers can sue for violations, with potential damages and attorney fees
Geofencing Ban
Prohibits geofencing around healthcare facilities for advertising purposes
Criminal Referral
Attorney General may refer willful violations to prosecutors for criminal charges
Exercise Your MHMDA Rights
Important: We make best efforts to remove your health data, but nothing is guaranteed. Results depend on individual company compliance with MHMDA requirements.
Ready to protect your health data privacy in Washington? Contact us for professional assistance.
Email support@sagebrush.services for MHMDA consultationOur team works with Neon Law® attorneys who understand Washington health data privacy law and can help navigate the MHMDA process to protect your sensitive health information.