Committee hears bill to expand protections for health‑related consumer data

Senate File 2940 returned to the Commerce and Consumer Protection Committee as an informational item, with Sponsor Senator Westlund saying the bill closes gaps in protection for health‑related data not covered by HIPAA or Minnesota’s Health Records Act.

The amendment introduces a definition of health data that includes information about health services, supplies and biometric indicators collected by apps and devices, and creates a separate regime for sharing (distinct from sale). The measure would require specific, purpose‑limited consent for sharing health data, provide withdrawal mechanics and define geofencing in statute. Senator Westlund said the language borrows from a Connecticut model and is intended to ensure consumers know and control how health‑adjacent data are shared.

Industry testimony from TechNet cautioned the committee that the definition of health data in the bill is broader than many state models, could force redundant consents for closely related uses, and that expansive geofencing language could inadvertently block beneficial consumer‑requested notifications (for example, pharmacy reminders). TechNet suggested aligning the definition with established state frameworks and treating consumer health data as a subset of sensitive data.

The committee did not vote on SF 2940; chair direction was to treat the hearing as informational. Members noted further committee stops would be required for any movement and requested follow‑up details on drafting and possible unintended consequences.