The Washington State legislature passed House Bill 1155, aka the My Health, My Data Act, last week. Governor Jay Inslee is expected to sign this into State law later this year. The bill expands privacy protections for Washington State’s health citizens beyond HIPAA’s provisions.






The My Health, My Data Act defines “consumer health data” as “personal information that is linked or reasonably linkable to a consumer and that identifies a consumer’s past, present, or future physical or mental health.” 

The ethos of the name and the intent of this law is a perfect vision for considering what we hear and learn this week coming out of the 2023 HIMSS Annual Conference as the meeting kicks off today.

First, the law.

The Act defines “consumers” as people residing in Washington state as well as people whose health data is collected in Washington and those identified through quote, “unique identifiers.” That could include such data tags as cookie identifiers, device identifiers, and IP addresses.

Note that 3 in 4 Washingtonians supported the law when polled in March 2023, with only 17% of people opposing it.

With that health privacy milestone in mind, now consider #HIMSS23, expected to attract around 40,000 attendees convening at the McCormick Place convention center.

The meeting’s tagline this year is “Health That Connects + Tech That Cares.” That’s a good start and intent for putting people first for their own health and the health of the people for whom they care.

The keynote and education sessions at the meeting will address a broad range of themes: this list will give you a sense of the flavors of those discussions, in no particular order:

  • Mental and behavioral health tech innovations (example: preventing suicide in care settings)
  • Climate change (example: climate impact, risk and sustainability in healthcare)
  • Clinician and staff burnout (example: turning the Great Resignation into the Great Retention)
  • Health equity and social justice (example: data for health equity to improve maternal outcomes, and “how well do you know the communities you serve?”)
  • AI, from applications and analytics to ethics (example: Machine Learning AI-Driven Community Coalition: Digital Outreach Improves Asthma Among Low-Income Children…and no doubt ChatGPT will be mentioned more than a few times throughout the week)
  • Health data integration and interoperability (with updates on the cloud, standards, and digital transformation among other data-technical issues)
  • Open-data ecosystems, and other big ideas (such as how to access, organize, and deploy social determinants of health data)
  • Privacy, security, and cybersecurity (such as Privact and Security of Smart Medical Devices for Older Adults)
  • Policies shaping health IT, from US and global perspectives (such as digital health policy in the 118th Congress, and,
  • Virtual care, telehealth, and hospital-at-home (such as Is Home the New Hospital?, and Seeing is Believing – Inside the World’s Biggest Hospital),

among other themes.

I’m particularly keen to hear what’s explored in sessions on reinventing street medicine through leveraging digital technology, leveraging in-house machine learning innovations for a more human touch, human-centered design and the digital patient journey, and a panel on data justice brainstorming ethical practices for equitable health.

Health Populi’s Hot Points:  The Washington state Act called “My Health, My Data” is meant to fill in the holes in the patchwork quilt that HIPAA, implemented in 1996, leaves open to data leakage and exploitation by forces that may not have a patient’s best interests at heart. Furthermore, with the advent of smartphones, wearable technology, and cloud computing, AI and machine learning, and other platforms and innovations that have emerged in the past 25+ years since HIPAA’s introduction, we are in a very different operating environment for healthcare than we were over a quarter-century ago.

We know that “health information” encompasses much more than data stored in a health plan’s claims system or a pharmacy benefit manager’s computer data base.

Health is made as much outside of medical care providers’ sites as it is at home, at work, at play, at school.

And the data generated through our phones and smartwatches and wearable devices and smart gym equipment has everything to do with our health and wellbeing when combined with other data.

In 2014, the California Healthcare Foundation commissioned me to research and write a paper called Here’s Looking At You: How Personal Health Information is Being Tracked and Used, That was nearly ten years ago, and back then we knew HIPAA was “leaky” and subject to third parties accessing and brokering our personal health information outside of our health/ care lives.






California implemented the CCPA in 2018 to address these and other risks to Californians’ personal data, and other states including Colorado, Connecticut, Iowa, Utah and Virginia have so far implemented comprehensive privacy laws that cover their states’ citizens’ rights to controlling their health data and assuring privacy for their body, their self.

Self-care and health/care at home and closer-to-home in our communities and trust local touch-points is a growing phenomenon in the U.S. and much of the world. In Europe, where health citizens are covered by the GDPR for privacy across all sorts of data, people have rights and responsibilities covering all data for health purposes and beyond.

In the U.S., we are in a place where some states have privacy protections for their health citizens, and most still do not.

As we learn new technology innovations and approaches to business modes and sites of delivery at #HIMSS23, we should be mindful that a patient treated in one state may have data protections not extended by another state. Nor are base platforms for accessing care, services and information distributed to or accessible by all U.S. health citizens: think broadband and Wi-Fi, access to clinical trial participation, and key drivers of health such as food security and transportation lines.

Grateful that #HIMSS23 will be convening some sessions on issues that address some of these challenges. Hopeful that every one in attendance will be mindful of the challenges that they can go back to the hard work of keeping people, consumers, caregivers — all health citizens wherever they may call their ZIP or postal code — at the center of what we do to continue to improve the health of people and healthcare workflows and relationships for workers on the front line of care. Remember that digital health literacy is a “super determinant of health.”