An act relating to the collection, sharing, and selling of consumer health data
If enacted, this legislation will significantly impact how businesses and organizations in Vermont handle consumer health data. It mandates clear disclosures and restricts the sale of health data without explicit consumer authorization. The bill also grants consumers the right to access, delete, and control their health data, ensuring they are informed and in control of how their information is used. It places responsibility on regulated entities and small businesses to maintain strict privacy policies and requires them to implement appropriate data security measures.
Bill S0074, known as the Vermont My Health My Data Act, aims to establish comprehensive regulations regarding the collection, sharing, and selling of consumer health data. The bill seeks to enhance privacy protections for consumers, closing gaps left by existing federal legislation such as HIPAA, which does not extend protections to data collected by non-covered entities like apps and websites. By requiring explicit consumer consent for data collection and sharing, the bill emphasizes consumer empowerment and transparency in how health data is handled by various entities.
Notably, S0074 includes provisions that prohibit the use of geofences near health care facilities to track consumer behavior, which has raised discussions regarding the balance between consumer privacy and business interests. While proponents argue that stronger regulations are necessary to protect individual health information, critics may raise concerns about potential burdens on businesses, especially smaller entities, in complying with these new privacy standards. The legislation is seen as a critical move towards bolstering consumer rights in the digital age while simultaneously opening a dialogue on the implications for healthcare providers and tech companies operating in Vermont.