Skip to content

What To Know About New Nevada Consumer Health Data Privacy Bill

July 14, 2023

Nevada’s legislature passed its Consumer Health Data Privacy bill on June 5. The bill, if signed into law by Governor Joe Lombardo, would take effect on March 31, 2024. If signed into law, the Nevada bill would join Washington’s “My Health Data Act” and the new health data law passed by Connecticut in providing additional protections for consumer health-related data.

Like the Washington and Connecticut laws, the Nevada bill limits what entities can do with health data without consumer consent or valid authorization. Here’s what’s essential to know about the new Nevada bill.

  • What data is covered by the bill? The law would apply to consumer health data which it defines as “personally identifiable information that is linked or reasonably capable of being linked to a consumer and that a regulated entity uses to identify the past, present or future health status of the consumer.” This consumer health data would include health condition, status, disease or diagnosis, social psychological, behavioral, or medical intervention, surgeries, use or acquisition of medication, bodily functions, vital signs, or symptoms, reproductive or sexual health care, gender-affirming care, biometric data, genetic data, precise geolocation data used to indicate a consumer’s attempt to receive health care service or products, and any data that is derived or extrapolated from information that is not consumer health data through an algorithm, machine learning, or any other means that collectively is health-related. This very broad definition does exclude data that is related to shopping habits or gaming information.
  • Which entities are covered by the bill? The law would apply to any person who conducts business in the state of Nevada or produces or provides products or services that are targeted to consumers in Nevada. This definition is far broader and lacks the limitations found in many of the state consumer data protection acts related to the amount of data collected by the entity. There are exemptions provided for entities that are subject to HIPAA, GLBA, FCRA, and information governed by FERPA.
  • No collection or sharing of consumer health data without consent. Perhaps the most impactful part of the law is the prohibition on collecting or sharing any consumer health data without first receiving affirmative, voluntary consent from consumers. Much remains to be seen in terms of how this law will be enforced or the specific impacts of the law, but this prohibition would appear to require businesses to provide consumers with enough knowledge about what the entity is doing with their consumer health data for the consumer to provide voluntary consent.
  • No geofencing. The law prohibits the collection of precise geolocation data about consumers. Specifically, the law would prohibit the collection of data identifying the precise location of a consumer within 1,750 feet of their exact position.
  • Restriction on the sale of consumer health data. Consumer health data may not be sold unless valid authorization is received. The law lays out the requirements for valid authorizations and requires they contain specific information, such as a description of the purpose of the sale and the name and contact information of the person or entity that is purchasing the data.

While limited to consumer health data this law, and similar laws in Washington and Connecticut, are likely to impact more than just healthcare facilities. As this law authorizes fines of up to $5,000 per violation and criminal prosecution, it is important to understand and observe your business’s potential obligations under this law.

For more information about this law, please contact the legal professionals at Clark Hill, PLC.

The views and opinions expressed in the article represent the views of the author and not necessarily the official view of Clark Hill PLC. Nothing in this article constitutes professional legal advice nor is it intended to be a substitute for professional legal advice.

Subscribe for the latest

Subscribe

Related

Event

Webinar: Special Education Bootcamp - Compliance Foundations Under IDEA

Whether you are new to special education leadership or looking to reinforce your foundational knowledge, this interactive webinar will provide a comprehensive overview of the core compliance requirements under the Individuals with Disabilities Education Act (IDEA). Designed for school leaders who are responsible for ensuring legally sound practices, this session will offer practical tools and strategies to help participants navigate common procedural and substantive pitfalls, support sound decision-making, and build a compliant and student-centered special education program.

Explore more
Event

Telehealth Week Webinar 2025: Navigating Legal Changes and Future Trends for Healthcare Providers

Join Paul Schmeltzer, Carrie Foote, and John Howard for our one-hour annual Telehealth Week webinar, focused on the evolving legal landscape of telehealth. This session will cover key topics, including the upcoming DEA final rule on prescribing controlled substances via telehealth, federal reimbursement concerns for telehealth, and what healthcare providers need to prepare for other upcoming changes.

Explore more
Event

Webinar: The Transatlantic Tightrope: AI, ESG and the Evolving Duty of Care for Multinational Companies

Join Mariah Leffingwell and Sam Saarsteiner for a conversation, moderated by co-chair of Clark Hill’s ESG & Sustainability advisory practice, Maram Salaheldin,  that bridges the Atlantic—and the gap between innovation and accountability—as they explore how today’s duty of care must adapt to tomorrow’s technologies.

Explore more