summary
Introduced
05/16/2023
05/16/2023
In Committee
04/19/2024
04/19/2024
Crossed Over
Passed
Dead
01/08/2025
01/08/2025
Introduced Session
103rd General Assembly
Bill Summary
Creates the Protect Health Data Privacy Act. Provides that a regulated entity shall disclose and maintain a health data privacy policy that clearly and conspicuously discloses specified information. Sets forth provisions concerning health data privacy policies. Provides that a regulated entity shall not collect, share, or store health data, except in specified circumstances. Provides that it is unlawful for any person to sell or offer to sell health data concerning a consumer without first obtaining valid authorization from the consumer. Provides that a valid authorization to sell consumer health data must contain specified information; a copy of the signed valid authorization must be provided to the consumer; and the seller and purchaser of health data must retain a copy of all valid authorizations for sale of health data for 6 years after the date of its signature or the date when it was last in effect, whichever is later. Sets forth provisions concerning the consent required for collection, sharing, and storage of health data. Provides that a consumer has the right to withdraw consent from the collection, sharing, sale, or storage of the consumer's health data. Provides that it is unlawful for a regulated entity to engage in discriminatory practices against consumers solely because they have not provided consent to the collection, sharing, sale, or storage of their health data or have exercised any other rights provided by the provisions or guaranteed by law. Sets forth provisions concerning a consumer's right to confirm whether a regulated entity is collecting, selling, sharing, or storing any of the consumer's health data; a consumer's right to have the consumer's health data that is collected by a regulated entity deleted; prohibitions regarding geofencing; and consumer health data security. Provides that any person aggrieved by a violation of the provisions shall have a right of action in a State circuit court or as a supplemental claim in federal district court against an offending party. Provides that the Attorney General may enforce a violation of the provisions as an unlawful practice under the Consumer Fraud and Deceptive Business Practices Act. Defines terms. Makes a conforming change in the Consumer Fraud and Deceptive Business Practices Act.
AI Summary
This bill creates the Protect Health Data Privacy Act, which applies to consumers seeking or obtaining health services in Illinois and regulated entities that collect, share, sell, or store health data. The key provisions of the bill are:
1. Regulated entities must disclose and maintain a clear health data privacy policy that details the types of health data collected, shared, sold, and stored, as well as how consumers can exercise their rights under the Act.
2. Regulated entities are prohibited from collecting, sharing, or storing health data without the consumer's consent, except in limited circumstances.
3. The sale of consumer health data is prohibited without the consumer's valid, written authorization.
4. Consumers have the right to withdraw consent for the collection, sharing, sale, or storage of their health data, and regulated entities are prohibited from discriminating against consumers who do not provide consent.
5. Consumers have the right to confirm whether their health data is being collected, sold, shared, or stored, and the right to request deletion of their health data.
6. The use of geofencing technology to track consumer location near health service providers is prohibited.
The bill provides for private rights of action and enforcement by the Attorney General for violations. It also includes provisions addressing conflicts with other laws and the application of the Act.
Committee Categories
Justice
Sponsors (19)
Ann Williams (D)*,
Dee Avelar (D),
Diane Blair-Sherlock (D),
Kelly Cassidy (D),
Eva-Dina Delgado (D),
Jen Gong-Gershowitz (D),
Norma Hernandez (D),
Maura Hirschauer (D),
Lilian Jiménez (D),
Lindsey LaPointe (D),
Theresa Mah (D),
Rita Mayfield (D),
Kevin Olickal (D),
Abdelnasser Rashid (D),
Bob Rita (D),
Anne Stava-Murray (D),
Katie Stuart (D),
Nabeela Syed (D),
Janet Yang Rohr (D),
Last Action
Session Sine Die (on 01/07/2025)
Bill Topics
Banking, Finance, and Domestic Commerce
- ‐ Consumer Safety and Consumer Fraud
Civil Rights, Minority Issues, and Civil Liberties
- ‐ Right to Privacy and Access to Government Information
bill text
bill summary
Loading...
bill summary
Loading...
bill summary
| Document Type | Source Location | Created |
|---|---|---|
| State Bill Page | https://www.ilga.gov/legislation/BillStatus.asp?DocNum=4093&GAID=17&DocTypeID=HB&SessionID=112&GA=103 | 05/16/2023 |
| BillText | https://www.ilga.gov/legislation/103/HB/10300HB4093.htm | 05/16/2023 |
Loading...