HEALTH DATA PRIVACY ACT

Session: 103rd General Assembly
Year: 2024
Bill #: SB3080
Category: Public Health, Hospital Facilities and Nursing Homes
Position: No position
Mandate?
Revenue Loss?
Authority Preemption?

View bill

Summary as Introduced

Creates the Protect Health Data Privacy Act. Provides that a regulated entity shall disclose and maintain a health data privacy policy that clearly and conspicuously discloses specified information. Sets forth provisions concerning health data privacy policies. Provides that a regulated entity shall not collect, share, or store health data, except in specified circumstances. Provides that it is unlawful for any person to sell or offer to sell health data concerning a consumer without first obtaining valid authorization from the consumer. Provides that a valid authorization to sell consumer health data must contain specified information; a copy of the signed valid authorization must be provided to the consumer; and the seller and purchaser of health data must retain a copy of all valid authorizations for sale of health data for 6 years after the date of its signature or the date when it was last in effect, whichever is later. Sets forth provisions concerning the consent required for collection, sharing, and storage of health data. Provides that a consumer has the right to withdraw consent from the collection, sharing, sale, or storage of the consumer's health data. Provides that it is unlawful for a regulated entity to engage in discriminatory practices against consumers solely because they have not provided consent to the collection, sharing, sale, or storage of their health data or have exercised any other rights provided by the provisions or guaranteed by law. Sets forth provisions concerning a consumer's right to confirm whether a regulated entity is collecting, selling, sharing, or storing any of the consumer's health data; a consumer's right to have the consumer's health data that is collected by a regulated entity deleted; prohibitions regarding geofencing; and consumer health data security. Provides that any person aggrieved by a violation of the provisions shall have a right of action in a State circuit court or as a supplemental claim in federal district court against an offending party. Provides that the Attorney General may enforce a violation of the provisions as an unlawful practice under the Consumer Fraud and Deceptive Business Practices Act. Defines terms. Makes a conforming change in the Consumer Fraud and Deceptive Business Practices Act.



Back to Bill List