XIRA

Washington My Health My Data Act

WAFor companies using AIMediumseverityIn effect

In effect since

Overview

Broad health data privacy law covering health data collected outside HIPAA, including data from health-related AI tools, wearables, and wellness apps.

This is a privacy law with automated decision-making provisions.

Who this applies to

This regulation applies to companies that use or deploy AI tools and systems built by other vendors. If your company uses AI-powered products in the areas listed below, this regulation may apply to you.

AI categories covered

  • Healthcare AI
  • Consumer-facing AI

Specific AI use cases:

  • Diagnostic and clinical AI

What this requires you to do

  • Consent required

    Obtain consent. Get explicit permission from individuals before collecting or using their data with AI.

  • Transparency notice required

    Provide transparency notices. Inform affected individuals that AI is being used and how it influences decisions.

  • Data access rights

    Provide data access. Consumers can request access to data collected and used by your AI systems.

Enforcement and penalties

Private right of action. Enforced under Washington Consumer Protection Act. Up to $7,500 per violation.

This regulation includes a private right of action, which means individuals can file lawsuits directly. This significantly increases litigation risk.

Source

Read the full text

https://app.leg.wa.gov/billsummary?BillNumber=1155&Year=2023

Always verify current language and amendments at the official source.

Other Washington regulations

Explore more rules in the same jurisdiction that may apply to your AI systems.

Want to know what else applies to your company?

Run a free XIRA scan to see all regulations that match your states and AI tools.

Start your free scan