[{"title":"Hospitals are selling treasure troves of medical data — what could go wrong?","url":"https://www.theverge.com/2021/6/23/22547397/medical-records-health-data-hospitals-research"},{"title":"Should we trust Apple with mental health data?","url":"https://www.theverge.com/23699287/apple-quartz-ai-mental-health-watch"}]

Washington passes law requiring consent before companies collect health data

An illustration of a large eye surrounded by other eyes
Illustration: Alex Castro / The Verge

A new Washington state law will require companies to receive a user’s explicit consent before they can collect, share, or sell their health data. Washington Governor Jay Inslee signed the My Health, My Data bill into law on Thursday, giving users the right to withdraw consent at any time and have their data deleted.

The law should help shield users’ health data from the companies and organizations not included under the HIPAA Privacy Rule, which prevents certain medical providers from disclosing “individually identifiable” health information without consent. The HIPAA Privacy Rule doesn’t cover many of the health apps and sites that collect medical data, allowing them to freely collect and sell this information to advertisers.


Continue reading…