HEALTH DATA PRIVACY ACT
Illinois establishes comprehensive privacy rights for health data outside HIPAA, requiring consent, security standards, and access/deletion rights for all residents' sensitive health information.
Illinois establishes comprehensive privacy rights for health data outside HIPAA, requiring consent, security standards, and access/deletion rights for all residents' sensitive health information.
HB 3494 is Illinois's Health Data Privacy Act, which establishes comprehensive privacy protections for health information held by entities outside traditional HIPAA-regulated healthcare providers. The bill creates new requirements for data collection, usage, sharing, and security standards for health data, including reproductive health information, genetic data, and mental health records. It grants Illinois residents rights to access, correct, and delete their health data, with enforcement mechanisms and penalties for violations.
Health data increasingly flows through non-regulated entities—apps, wearables, social media platforms, and data brokers—creating privacy gaps that existing federal law doesn't address. This bill directly impacts how companies can monetize health information and protects vulnerable populations seeking sensitive services, particularly regarding reproductive healthcare in the current political environment. The legislation could serve as a model for other states and influence national data privacy standards.
Compiled from official sources — confirm details with the bill’s official record.
Sign in to ask a question.