The My Health, My Data Act imposes health data requirements on businesses beyond the scope of the Health Insurance Portability and Accountability Act (HIPAA). Below is a non-exhaustive list of the types of businesses that could be subject to the requirements of the My Health, My Data Act if they: (a) collect, share, or use consumer health data of Washington State residents, or (b) engage in the collection, sharing, or use of consumer health data in Washington.
- Health and Nutrition Apps: Some health and nutrition apps offer functionalities for tracking, managing, and monitoring health. These apps may collect health-related data, such as fitness activities, sleep patterns, diet, and even symptom tracking. Examples include symptom checkers, mental health apps, and medication trackers.
- Wearable Device Manufacturers: Companies that produce wearable devices like smartwatches, fitness trackers, and health monitors may collect consumer health data. These devices capture metrics such as heart rate, steps taken, sleep patterns, and more.
- Social Media Platforms: Social media platforms, though not primarily focused on health, may collect health-related data shared by users. Individuals often discuss health conditions, seek advice, or share experiences on these platforms, providing insights into their health status.
- Digital Health Coaching Platforms: Online platforms that offer health coaching, counseling, or virtual consultations often collect and analyze health data shared by individuals seeking guidance. These platforms may focus on areas such as mental health, weight management, or chronic disease management.
- Fitness Facilities and Gyms: Fitness facilities and gyms often collect health data from their members, including medical histories, fitness assessments, and workout routines.
- Health and Fitness Consultants: Independent health and fitness consultants provide personalized guidance and support to individuals seeking to improve their well-being. These consultants may collect and analyze health data to assess clients' current health status, develop customized plans, and track progress over time.
- Nutritional and Dietary Services: Companies providing dietary planning, nutritional counseling, or meal delivery services may collect health-related data to offer personalized recommendations.
- Health-Related Websites: Health-related websites may track the browsing behavior of users, including information on user preferences, site interactions, and other data relevant to the user's experience on the website. This information could constitute consumer health data.
- Health Data Marketplaces: Platforms that facilitate the exchange of health data between consumers, researchers, and organizations could fall under the My Health My Data Act. These marketplaces enable individuals to share their health data for research purposes.
- Personal Health Record Providers: Organizations offering personal health record (PHR) services could be subject to the My Health My Data Act. These platforms allow consumers to aggregate and manage their health information from various sources, empowering individuals with control and access to their health data.
- Health and Wellness Platforms: Companies operating online health and wellness platforms that provide information, support communities, or offer personalized recommendations may fall within the scope of the My Health My Data Act. These platforms often collect and process consumer health data to deliver tailored content and services.
- Schools: Schools may collect health data from students in various ways to ensure the well-being and safety of students. If a school is not a “governmental agency,” and any such data is not “protected health information” under the Health Insurance Portability and Accountability Act (HIPAA) or information that is subject to the Family Educational Rights and Privacy Act (FERPA), the school may be subject to the requirements of the My Health, My Data Act.
- Health-Related Consumer Research Companies: Consumer research companies specializing in health-related studies and surveys collect data from individuals to understand consumer preferences, behaviors, and attitudes towards health products, services, or interventions.
- Medical Device Manufacturers: Companies manufacturing medical devices, such as insulin pumps, cardiac monitors, or smart inhalers, may collect and process health data generated by these devices.
- Grocery Stores: Certain grocery and other health food stores may offer loyalty programs that allow customers to provide health-related information such as dietary preferences, food allergies, or specific nutritional requirements. This data can be used to offer personalized product recommendations and discounts.
- Alternative Medicine and Natural Health Stores: Retailers specializing in alternative medicine, herbal remedies, or natural health products may collect health-related information to offer personalized advice, recommend suitable products, or assist customers with specific health concerns.
- Health Insurance Brokers and Consultants: Health insurance brokers and consultants assist individuals and businesses with navigating the complex landscape of insurance products. While they primarily focus on providing guidance and advice on insurance options, they may also collect certain health data in the course of their services.
- Health Data Crowdsourcing Platforms: Crowdsourcing platforms that allow individuals to voluntarily contribute their health data for research purposes may collect and aggregate health information from a diverse pool of participants.
- Wellness Resorts and Spas: Wellness resorts, retreat centers, or spas may allow consumers to share health-related information. This could include dietary preferences, wellness goals, or specific health concerns to enhance the personalized experience and provide tailored services.
- Health Insurance Aggregators: Websites or platforms that facilitate health insurance comparisons and quotes collect health-related information from individuals seeking insurance coverage. This data helps them generate personalized insurance recommendations based on users' health needs and preferences.
- Health Data Analytics Companies: Companies specializing in health data analytics may collect and analyze health data to generate insights, support medical advancements, and improve patient care.
- Health Data Monetization Platforms: Platforms that enable individuals to monetize their health data by voluntarily sharing it with researchers, marketers, or pharmaceutical companies may collect health information from users.
- Optical Stores: Stores specializing in eyewear and vision care, such as optometry clinics or optical centers, may collect health information related to customers' visual health, eye prescriptions, and eye health history. This information is essential for accurate prescription eyewear fitting and ongoing eye care.
- Medical Supply Stores: Retailers that sell medical supplies and equipment, such as mobility aids, home healthcare products, or diabetic supplies, may collect health information necessary for the purchase and use of these products. This can include information about medical conditions, functional limitations, or specific equipment needs.
- Personal Care and Beauty Stores: Retailers specializing in personal care and beauty products, such as skincare stores or beauty supply shops, may collect health-related information like skin conditions, allergies, or sensitivities to assist customers in selecting suitable products.
- Maternity and Baby Stores: Retailers catering to expectant mothers and newborns may collect health information such as due dates, pregnancy progress, or infant health information to offer personalized recommendations and services.
- Specialty Nutrition Stores: Stores specializing in dietary supplements, organic foods, or specialized diets may collect health information related to customers' dietary preferences, allergies, or specific health goals to provide tailored nutritional advice and product recommendations.
- Medical Cannabis Dispensaries: Medical cannabis dispensaries may collect health information from patients seeking medical marijuana products. This information is used to assess eligibility and provide appropriate product recommendations.
- Weight Loss Centers: Retail centers focused on weight loss programs and products may collect health information from clients to assess their current health status, track progress, and provide personalized weight loss recommendations.
- Rehabilitation and Mobility Stores: Retailers that offer rehabilitation equipment, mobility aids, or assistive devices may collect health-related information to assess customers' needs, recommend suitable products, and ensure proper fitting and usage
- Health and Wellness Product Manufacturers: Manufacturers of health and wellness products, such as supplements or home healthcare equipment, may collect user data through product registration, warranties, or customer feedback.
- Digital Health Marketing and Advertising Agencies: Marketing and advertising agencies that specialize in promoting health products, services, or campaigns may collect health-related data for targeted advertising and marketing purposes.
- Meal Kit Delivery Services: Meal kit delivery services that provide pre-portioned ingredients and recipes may allow consumers to share health-related data such as dietary restrictions, food preferences, or nutritional goals. This information can be used to curate personalized meal plans and offer relevant promotions.
- Health Education and Awareness Organizations: Non-profit organizations or advocacy groups focused on health education and awareness campaigns may collect health data through surveys, questionnaires, or participant feedback.
- Direct-to-Consumer Genetic Testing Companies: Direct-to-consumer genetic testing companies, which offer genetic analysis services to individuals, could fall under the ambit of the My Health My Data Act. These companies may collect and process genetic data, enabling individuals to explore their ancestry, health predispositions, and inherited traits.
- Virtual Reality (VR) Health Applications: VR applications used for healthcare purposes, such as pain management, mental health therapies, or rehabilitation exercises, may collect and process health data as part of the user experience.
It is important to note that this list is not exhaustive, and there may be other businesses and organizations that are subject to the My Health, My Data Act. Please contact Casey Moriarty or Maddie Haller of the Ogden Murphy Wallace health care team for more information about the Act.