Today, personal health information is at the mercy of a surveillance infrastructure built around the exploitation and sale of data on the private market. Existing health privacy laws, such as HIPAA, are woefully unequipped to address the risks and data practices of the digital era. Health data is collected, inferred, and sold online at alarming rates, leaving individuals vulnerable to privacy violations through the sharing of the most intimate information about their bodies. The overturning of Roe v. Wade and the criminalization of abortion in some states has created especially strong risks around reproductive health information; with individual health data so easily accessible, law enforcement and other interested third parties are able to circumvent procedural barriers and obtain deeply private health information without obstacle.
This Note argues that, in the absence of federal data privacy legislation, states must address the problem of reproductive health data surveillance through targeted state legislation. Washington’s My Health My Data Act (MHMDA) is analyzed as an example of state data privacy legislation that closes gaps left by HIPAA and protects sensitive health data. Its strengths are identified through comparison to other data privacy legislation, both at home and abroad, to in turn recommend a model of health data privacy legislation for other states to adopt.
States must take advantage of the potential state law holds to safeguard rights and protections beyond current federal guarantees. Not only can greater reproductive health privacy be secured for residents of states that enact such legislation; widespread state adoption of health data privacy statutes can bring about a shift in norms for data collection and health information privacy practices nationwide.