{"id":2276,"date":"2023-07-13T14:58:00","date_gmt":"2023-07-13T20:58:00","guid":{"rendered":"https:\/\/trustarc.com\/?post_type=resource&#038;p=2276"},"modified":"2025-02-25T09:49:59","modified_gmt":"2025-02-25T15:49:59","slug":"washington-my-health-my-data-act-obligations","status":"publish","type":"resource","link":"https:\/\/trustarc.com\/resource\/washington-my-health-my-data-act-obligations\/","title":{"rendered":"Washington My Health My Data Act: Obligations"},"content":{"rendered":"\t\t<section id=\"block_5b6136832b6255a0ddc6357dec049df3\" class=\"resource-intro intro-simple\">\n\t\t\t<div class=\"container\">\n\t\t\t\t\t\t\t\t\t<strong class=\"sub-title block uppercase\">Articles<\/strong>\n\t\t\t\t\t\t\t\t\t\t<h1>Washington My Health My Data Act: Obligations<\/h1>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\n\n\t<section id=\"block_1045af0532e88319dc375b2ea9813d2b\" class=\"columns-content\">\n\t\t<div class=\"container\">\n\t\t\t<div class=\"left\">\n\t\t\t\t\t\t\t<\/div>\n\t\t\t<div class=\"middle\">\n\t\t\t\t<div class=\"content\">\n\t\t\t\t\t<p>Washington\u2019s <a href=\"https:\/\/lawfilesext.leg.wa.gov\/biennium\/2023-24\/Pdf\/Bills\/House%20Passed%20Legislature\/1155-S.PL.pdf#page=1\" target=\"_blank\" rel=\"noopener\">My Health My Data Act<\/a> was signed into law on April 27, 2023, by Governor Jay Inslee and comes into effect on two key dates:<\/p>\n<ul>\n<li>March 31, 2024 \u2013 large businesses<\/li>\n<li>June 30, 2024 \u2013 small businesses<\/li>\n<\/ul>\n<p>The Act requires all organizations defined as a \u2018Regulated Entity\u2019 to meet extensive obligations including a new privacy notice and processes for managing consumer consent (opt-in).<\/p>\n<h2>Consumer health data privacy notice<\/h2>\n<p>A major obligation under Washington\u2019s My Health My Data law is for organizations to update their privacy policies and notices before the Act comes into effect. A separate Consumer Health Data Privacy Notice must be published by the effective dates of the Act (above).<\/p>\n<p>The text of the Act does not give much guidance on how organizations should manage a distinct Consumer Health Privacy Policy, though the Consumer Health Data Privacy Notice must be separate from the standard Privacy Notice and a link clearly and prominently displayed on an organization\u2019s website homepage.<\/p>\n<p>This new privacy notice must state:<\/p>\n<ul>\n<li>categories of consumer health data collected \u2013 and the purposes for collection;<\/li>\n<li>categories of consumer health data shared \u2013 and the purposes for sharing, accompanied by a list of third parties and affiliates with whom the regulated<\/li>\n<li>entity shares consumer health data;<\/li>\n<li>data sources from which consumer health data is collected \u2013 categorized extensively, including by type and location; and<\/li>\n<li>information on how consumers can exercise their privacy rights \u2013 including legal requirements for organizations to get their opt-in consent for collection, sharing and\/or sale of their consumer health data outside what is strictly necessary to deliver a product or service (and act on withdrawal of consent); and the right to know, access, correct or delete their personal health information.<\/li>\n<\/ul>\n<h2>Addressing consumer requests<\/h2>\n<p>Regulated entities must comply with consumer requests to exercise any or all of their privacy rights. The only delay accepted is when a consumer requests deletion of their health data stored in a backup system, and the delay must not exceed six months from the date of the request\u2019s authentication.<\/p>\n<p>TrustArc Lawyer, Andrew Scott, warns the right to delete is all-encompassing:<\/p>\n\t\t\t\t\t\t\t\t<blockquote class=\"w-indent\">\n\t\t\t\t\t\t\t\t\t<p>\u201cWe should interpret the right to deletion is absolute and an organization must delete the data even if they would violate tax reporting obligations (for example) and except for security. The right to delete covers all copies of data stored in backups, archives and third parties \u2013 there is no common exception to comply with consumers\u2019 right to delete beyond a normal basis. Organizations will be required to make modifications to compliance programs and decide which law will be violated.\u201d<\/p>\n\t\t\t\t\t\t\t\t<\/blockquote>\n\t\t\t\t\t\t\t\t<h2>Consumer health data opt-in consents for collection and sharing<\/h2>\n<p>Regulated entities must get separate opt-in consents from consumers before collecting or sharing any consumer health data for any purpose not directly related to providing a product or service requested by a consumer \u2013 these consents must be separate.<\/p>\n<p>Organizations are allowed to collect and share some consumer health data without consent, but only what is strictly necessary to deliver a service or product \u2013 not any extra data for other purposes.<\/p>\n<p>The My Health My Data Act text in Sec 2 (27 a) defines \u201cshare or sharing\u201d as meaning: <em>\u201cto release, disclose, disseminate, divulge, make available, provide access to, license, or otherwise communicate orally, in writing, or by electronic or other means, consumer health data by a regulated entity or a small business to a third party or affiliate.\u201d<\/em><\/p>\n<p>Exclusions apply for some sharing of consumer health data:<\/p>\n<ul>\n<li>disclosure to a processor when the data shared is necessary to provide the goods or services requested by the consumer, in a manner consistent with the purpose of collecting the data that was disclosed to the consumer;<\/li>\n<li>disclosure to a third party with whom the consumer has a direct relationship \u2013 and only when:<br \/>\n(a) the consumer health data disclosed is for purposes of providing the product or service requested by the consumer;<br \/>\n(b) the regulated entity\/small business maintains control and ownership of the consumer health data; and<br \/>\n(c) the third party uses the consumer health data only at the direction of the regulated entity\/small business and consistent with the purpose for which the data was collected and consented to by the consumer;<\/li>\n<li>disclosure or transfer of personal data to a third party as an asset in a merger, acquisition, bankruptcy, or other transaction in which the third party assumes control of all or part of the regulated entity\u2019s\/small business\u2019s assets and complies with the requirements and obligations for consumer health data in the Act.<\/li>\n<\/ul>\n<h2>Valid authorization to sell consumer health data<\/h2>\n<p>Regulated entities must also get a more detailed form of consent \u2013 valid authorization \u2013 before selling (or making available for sale) any consumer health data.<\/p>\n<p>A valid authorization must include:<\/p>\n<ul>\n<li>details of the consumer health data intended for sale;<\/li>\n<li>consumer\u2019s signature (authorizing the sale);<\/li>\n<li>date the consumer authorized the sale \u2013 and a one-year expiration date; and<\/li>\n<li>contact information for each of the organization\/s or person\/s collecting, selling or buying the consumer health data.<\/li>\n<\/ul>\n<p>The My Health My Data Act text in Sec 2 (26 a) defines \u201csell or sale\u201d as meaning: <em>\u201cthe exchange of consumer health data for monetary or other valuable consideration\u201d.<\/em><\/p>\n<p>Exclusions apply for consumer health data sold to:<\/p>\n<ul>\n<li>a third party as an asset in a merger, acquisition, bankruptcy or other transaction (and the same requirements and obligations for third parties as those for shared data in such cases); or<\/li>\n<li>a processor when the exchange is consistent with the purpose for which the data was collected and consented to by the consumer.<\/li>\n<\/ul>\n<h2>Binding contracts with service providers<\/h2>\n<p>Regulated entities under the Act must enter binding contracts with any service providers, which must include:<\/p>\n<ul>\n<li>instructions for how a provider can process consumer health data consistent with the contract;<\/li>\n<li>limits on what actions a provider may take with the consumer health data; and<\/li>\n<li>a requirement for the processor to help fulfill the regulated entity\u2019s obligations under the Act.<\/li>\n<\/ul>\n<p>Note: Sec 8 (1 c) warns that if a service provider fails to correctly follow a regulated entity\u2019s instructions in their contract, or processes data in a manner outside the scope of their contract, the service provider will be considered a regulated entity\/small business under the Act and subject to the same obligations.<\/p>\n<h2>Prohibits on the use of geofences<\/h2>\n<p>The Act states in Sec 10: \u201cIt is unlawful for any person to implement a geofence around an entity that provides in-person health care services where such geofence is used to:<\/p>\n<ul>\n<li><em>identify or track consumers seeking health care services;<\/em><\/li>\n<li><em>collect consumer health data from consumers; or<\/em><\/li>\n<li><em>send notifications, messages, or advertisements to consumers.\u201d<\/em><\/li>\n<\/ul>\n<h2>Data security measures<\/h2>\n<p>The Act requires regulated entities to <em>\u201cpreserve the integrity or security of systems\u201d<\/em> and <em>\u201cprotect against or respond to security incidents, identify theft, fraud, harassment, malicious or deceptive activities,\u201d<\/em> or any illegal activity under Washington state of federal law.<\/p>\n<p>Data security policies, practices, and processes must be established and maintained to restrict access to consumer health data so it can only be used by employees, processors, or contractors for intended and declared purposes which the consumer has requested and consented to \u2013 or for purposes strictly necessary to provide a requested service or product.<\/p>\n<p>My Health My Data Act (Sec 7 (1 b) states data security must <em>\u201cat a minimum, satisfy reasonable standard of care within the regulated entity\u2019s\/small business\u2019s industry to protect the confidentiality, integrity, and accessibility of consumer health data appropriate to the volume and nature of the consumer health data at issue.\u201d<\/em><\/p>\n\t\t\t\t\t\t\t\t\t<div class=\"question-box-multiple\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"question-box bg-white\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"icon\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/02\/icon_Complexity_Small.svg\" class=\"attachment-full size-full\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<h4>Serious Privacy Podcast<\/h4>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<p>My Health, My Data, My Goodness &#8211; The new WA law<\/p>\n<a href=\"https:\/\/www.buzzsprout.com\/840448\/12698254\" target=\"_blank\" rel=\"noreferrer\" class=\"cta\">Listen now<\/a>\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"question-box bg-white\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"icon\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/02\/icon_Pages_Small.svg\" class=\"attachment-full size-full\" alt=\"\" \/>\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<h4>Washington MHMDA Implications<\/h4>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<p>Read the accompanying article in this series: Washington My Health My Data Act: Implications<\/p>\n<a href=\"\/resource\/washington-my-health-my-data-act-implications\/\" class=\"cta\">Read more<\/a>\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t\t<div class=\"right sm\">\n\t\t\t\t<div class=\"share-it\">\n\t\t\t\t\t<strong class=\"title block uppercase\">Follow us<\/strong>\n\t\t\t\t\t<div class=\"soc-list\">\n\t\t\t\t\t\t<a href=\"https:\/\/www.linkedin.com\/company\/trustarc\/\" target=\"_blank\"><img decoding=\"async\" src=\"https:\/\/trustarc.com\/wp-content\/themes\/trustarc\/assets\/dist\/images\/li-dark.svg\" alt=\"\" \/><\/a>\n\t\t\t\t\t\t<a href=\"\nhttps:\/\/twitter.com\/TrustArc\" target=\"_blank\"><img decoding=\"async\" src=\"https:\/\/trustarc.com\/wp-content\/themes\/trustarc\/assets\/dist\/images\/tw-dark.svg\" alt=\"\" \/><\/a>\n\t\t\t\t\t\t<a href=\"javascript:;\" id=\"copy-url\"><img decoding=\"async\" src=\"https:\/\/trustarc.com\/wp-content\/themes\/trustarc\/assets\/dist\/images\/link-dark.svg\" alt=\"\" \/><\/a>\n\t\t\t\t\t\t<span class=\"copied\" style=\"display:none;\">Link Copied!<\/span>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<div class=\"key-topics\">\n\t\t\t\t\t\t<strong class=\"title block uppercase\">Key Topics<\/strong>\n\t\t\t\t\t\t<ul>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<li><a href=\"https:\/\/trustarc.com\/topic-resource\/us-consumer-privacy-laws\/\" class=\"badge\">US Consumer Privacy Laws<\/a><\/li>\n\t\t\t\t\t\t\t\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t<div class=\"cta-area\">\n\t\t\t\t\t<p>Get the latest resources sent to your inbox<\/p>\n\t\t\t\t\t<a href=\"\/subscription-center\/\" class=\"cta\">Subscribe<\/a>\n\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t<\/div>\n\t<\/section>\n\t\n\n\t\t<section id=\"block_4e7895fd9f2d1d67df913f4c2c955d3e\" class=\"resource-section\">\n\t\t\t<div class=\"container\">\n\t\t\t<div class=\"resource-head\">\n\t\t\t\t\t\t\t<h2>Related resources<\/h2>\n\t\t\t\t<a href=\"\/resources\/\" class=\"cta block\">View all resources<\/a>\t\t<\/div>\n\t\t\t\t\t\t<ul class=\"resource-lists \">\n\t\t\t\t\t\t\t<li>\n\t\t\t\t\t<a href=\"https:\/\/trustarc.com\/resource\/global-life-sciences-leader-case-study\/\" class=\"resource-single\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"img-holder\">\n\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"380\" height=\"120\" src=\"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/01\/res-feat-rect-gray-test-380x120.png\" class=\"attachment-380x120 size-380x120 wp-post-image\" alt=\"\" \/>\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"text-holder\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"resource-label uppercase\">Case Studies<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<h4>From Days to Minutes: How a Global Life Sciences Leader Automated Global Privacy Compliance<\/h4>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t<li>\n\t\t\t\t\t<a href=\"https:\/\/trustarc.com\/resource\/india-dpdpa-compliance-checklist\/\" class=\"resource-single\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"img-holder\">\n\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"380\" height=\"120\" src=\"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/02\/res-feat-rect-blue-380x120.png\" class=\"attachment-380x120 size-380x120 wp-post-image\" alt=\"\" \/>\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"text-holder\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"resource-label uppercase\">Infographics, Research<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<h4>India\u2019s Digital Personal Data Protection Act (DPDPA) Compliance Checklist<\/h4>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/li>\n\t\t\t\t\t\t\t\t<li>\n\t\t\t\t\t<a href=\"https:\/\/trustarc.com\/resource\/global-privacy-trends-apac-consent-latam-adtech-gcc-data-rights\/\" class=\"resource-single\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"img-holder\">\n\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"380\" height=\"120\" src=\"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/02\/res-feat-woven-pink-380x120.png\" class=\"attachment-380x120 size-380x120 wp-post-image\" alt=\"\" \/>\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t<div class=\"text-holder\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"resource-label uppercase\">Articles<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<h4>Emerging Global Privacy Trends: APAC UX Consent, LATAM AdTech Restrictions, GCC Data Rights Expansion<\/h4>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/a>\n\t\t\t\t<\/li>\n\t\t\t\t\t\t<\/ul>\n\t\t\t\t\t<\/div>\t\t<\/section>\n\t\t","protected":false},"excerpt":{"rendered":"<p>TrustArc\u2019s privacy experts review the obligations for organizations defined as a \u2018regulated entity\u2019 under the Washington My Health My Data Act.<\/p>\n","protected":false},"featured_media":1256,"template":"","topic-resource":[114],"type-resource":[6],"class_list":["post-2276","resource","type-resource","status-publish","has-post-thumbnail","hentry","topic-resource-us-consumer-privacy-laws","type-resource-articles"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.4 (Yoast SEO v27.4) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Washington My Health My Data Act: Obligations | TrustArc<\/title>\n<meta name=\"description\" content=\"TrustArc\u2019s privacy experts review the obligations for organizations defined as a \u2018regulated entity\u2019 under the Washington My Health My Data Act.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/trustarc.com\/resource\/washington-my-health-my-data-act-obligations\/\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/trustarc.com\\\/resource\\\/washington-my-health-my-data-act-obligations\\\/\",\"url\":\"https:\\\/\\\/trustarc.com\\\/resource\\\/washington-my-health-my-data-act-obligations\\\/\",\"name\":\"Washington My Health My Data Act: Obligations | TrustArc\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/trustarc.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/trustarc.com\\\/resource\\\/washington-my-health-my-data-act-obligations\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/trustarc.com\\\/resource\\\/washington-my-health-my-data-act-obligations\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/trustarc.com\\\/wp-content\\\/uploads\\\/2024\\\/01\\\/res-feat-rect-blue-test.png\",\"datePublished\":\"2023-07-13T20:58:00+00:00\",\"dateModified\":\"2025-02-25T15:49:59+00:00\",\"description\":\"TrustArc\u2019s privacy experts review the obligations for organizations defined as a \u2018regulated entity\u2019 under the Washington My Health My Data Act.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/trustarc.com\\\/resource\\\/washington-my-health-my-data-act-obligations\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/trustarc.com\\\/resource\\\/washington-my-health-my-data-act-obligations\\\/#primaryimage\",\"url\":\"https:\\\/\\\/trustarc.com\\\/wp-content\\\/uploads\\\/2024\\\/01\\\/res-feat-rect-blue-test.png\",\"contentUrl\":\"https:\\\/\\\/trustarc.com\\\/wp-content\\\/uploads\\\/2024\\\/01\\\/res-feat-rect-blue-test.png\",\"width\":610,\"height\":152},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/trustarc.com\\\/#website\",\"url\":\"https:\\\/\\\/trustarc.com\\\/\",\"name\":\"TrustArc\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/trustarc.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Washington My Health My Data Act: Obligations | TrustArc","description":"TrustArc\u2019s privacy experts review the obligations for organizations defined as a \u2018regulated entity\u2019 under the Washington My Health My Data Act.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/trustarc.com\/resource\/washington-my-health-my-data-act-obligations\/","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/trustarc.com\/resource\/washington-my-health-my-data-act-obligations\/","url":"https:\/\/trustarc.com\/resource\/washington-my-health-my-data-act-obligations\/","name":"Washington My Health My Data Act: Obligations | TrustArc","isPartOf":{"@id":"https:\/\/trustarc.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/trustarc.com\/resource\/washington-my-health-my-data-act-obligations\/#primaryimage"},"image":{"@id":"https:\/\/trustarc.com\/resource\/washington-my-health-my-data-act-obligations\/#primaryimage"},"thumbnailUrl":"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/01\/res-feat-rect-blue-test.png","datePublished":"2023-07-13T20:58:00+00:00","dateModified":"2025-02-25T15:49:59+00:00","description":"TrustArc\u2019s privacy experts review the obligations for organizations defined as a \u2018regulated entity\u2019 under the Washington My Health My Data Act.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/trustarc.com\/resource\/washington-my-health-my-data-act-obligations\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/trustarc.com\/resource\/washington-my-health-my-data-act-obligations\/#primaryimage","url":"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/01\/res-feat-rect-blue-test.png","contentUrl":"https:\/\/trustarc.com\/wp-content\/uploads\/2024\/01\/res-feat-rect-blue-test.png","width":610,"height":152},{"@type":"WebSite","@id":"https:\/\/trustarc.com\/#website","url":"https:\/\/trustarc.com\/","name":"TrustArc","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/trustarc.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/trustarc.com\/wp-json\/wp\/v2\/resource\/2276","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/trustarc.com\/wp-json\/wp\/v2\/resource"}],"about":[{"href":"https:\/\/trustarc.com\/wp-json\/wp\/v2\/types\/resource"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/trustarc.com\/wp-json\/wp\/v2\/media\/1256"}],"wp:attachment":[{"href":"https:\/\/trustarc.com\/wp-json\/wp\/v2\/media?parent=2276"}],"wp:term":[{"taxonomy":"topic-resource","embeddable":true,"href":"https:\/\/trustarc.com\/wp-json\/wp\/v2\/topic-resource?post=2276"},{"taxonomy":"type-resource","embeddable":true,"href":"https:\/\/trustarc.com\/wp-json\/wp\/v2\/type-resource?post=2276"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}