States have expanded privacy laws to protect sensitive health data beyond HIPAA's coverage.
More states are taking steps to give people better control over their health information while keeping that data confidential. The federal law known as HIPAA was designed to protect health data, but it does not cover everything. For example, it applies to most doctors, hospitals and insurance companies. It does not always cover sensitive information collected through fitness apps, period trackers, or online health tools that many people use every day. This is where new state laws are starting to fill the gap.
In Washington, the My Health, My Data Act was created to protect sensitive information that is beyond the reach of HIPAA. This includes reproductive care, gender-affirming care, and even data about where someone goes if they seek care. The law makes it clear that companies cannot collect or share such information without obtaining permission. The law is not limited to doctors or clinics; it applies to any business that handles consumer health data. If a company breaks the law, Washington allows people to take legal action themselves rather than relying only on government enforcement.
Nevada passed a similar law last year. It gives people strong privacy rights over their health data, especially reproductive health information. However, unlike Washington's law, it does not allow people to sue companies directly. Only the state Attorney General can take action.

Virginia is also changing how health data is protected. Starting in July 2025, new rules will take effect under the Virginia Consumer Protection Act. These changes focus on sensitive health topics such as pregnancy, birth control and sexual health. The law says companies have to get clear permission before collecting or sharing such data. It applies not only to health care providers, but to many businesses. In some cases, people in Virginia can sue over violations, and companies can be fined if they do not follow the rules.
New York has introduced a law called the Health Information Privacy Act. Although it does not allow individuals to sue, it does grant enforcement power. Fines can be up to $15,000 per violation or a part of the company's income. The purpose is to address how businesses handle this information, especially if they do business in New York or serve its residents.
Other states such as California and Colorado have also passed broad privacy laws that touch health data. These rules do not focus on medical records. They include things like sexual or mental health status. The definition of what counts as sensitive data may vary by state, but the message is clear: people want more and more say over who sees their health information and how it is used.
As more states move ahead on privacy, businesses inside and outside health care will need to review how they collect and use personal health information. These changes show that the days of relying on HIPAA are ending. Now, companies should comply with both federal and state rules or risk legal trouble.