An Act relative to consumer health data
Massachusetts bill establishes consumer health data privacy rights including consent requirements, data access/deletion, security standards, and penalties for violations by non-healthcare entities.
Massachusetts bill establishes consumer health data privacy rights including consent requirements, data access/deletion, security standards, and penalties for violations by non-healthcare entities.
H.461 establishes comprehensive consumer health data privacy protections in Massachusetts, requiring businesses that collect health information to implement safeguards, obtain explicit consent, and provide consumers with rights to access, correct, and delete their data. The bill creates standards for data security, breach notification, and penalties for violations, positioning Massachusetts among states with stronger health privacy regulations.
Health data is increasingly valuable and vulnerable—breaches expose sensitive information tied to individuals' medical conditions, treatments, and insurance status. With federal HIPAA protections covering only healthcare providers and plans, this bill addresses a significant gap by protecting consumer health data collected by retailers, fitness apps, wellness companies, and other entities outside traditional healthcare. This could establish a model for other states and influence how businesses nationwide handle sensitive health information.
Compiled from official sources — confirm details with the bill’s official record.
Sign in to ask a question.