As states increase their efforts to establish stronger data privacy laws, Washington and Nevada have taken significant steps in 2024 with new legislation aimed at protecting consumer health data. This trend is anticipated to persist into 2025, largely driven by reactions to the previous administration’s commitment to trimming federal regulations, according to attorney Melissa Crespo of Morrison Foerster.
The two state laws that have come into effect this year represent a pioneering approach to consumer health data oversight. Washington’s “My Health My Data Act” and Nevada’s SB370 establish comprehensive rules governing the management and disclosure of health data not protected by existing federal regulations like HIPAA. In a discussion with Information Security Media Group, Crespo emphasized the importance of these developments, noting that they are among the first to explicitly address consumer health data privacy.
Crespo anticipates that more states will emulate these initiatives, particularly in light of federal oversight reductions expected under the incoming administration. She pointed out that states are likely to act preemptively to address potential regulatory gaps that may arise from diminished federal guidance on health information privacy.
The legislative evolution may also focus on enhancing protections for sensitive health information, such as reproductive health data, which could fall under threat from less protective federal policies. Crespo indicated that vigilant monitoring of both federal and state privacy developments will be crucial in the coming years.
In her interview, Crespo delved into several additional topics that demand attention. She analyzed national trends in state data privacy and cybersecurity regulations expected to unfold in 2025, and discussed the Federal Trade Commission’s priorities in regulating health data privacy. Furthermore, she addressed the implications of HIPAA audits and enforcement actions anticipated with the transition to a new administrative regime.
As a partner and privacy and data security attorney with Morrison Foerster, Crespo specializes in navigating the complexities of compliance within the healthcare sector. Her experience encompasses advising clients on adherence to both HIPAA and other pertinent laws governing the collection and usage of health information.
The developments in state-level legislative actions highlight an emerging landscape where local regulations are stepping in to fill potential voids in federal oversight. Business owners in the tech sector should remain attentive to these changes, as they directly impact compliance and risk management strategies concerning the handling of sensitive health information.
