This bill establishes comprehensive data privacy protection requirements for consumer health data in New Jersey, specifically targeting health care providers and patients. It defines key terms such as "regulated entity," which includes any business that collects, processes, shares, or sells consumer health data, while excluding government agencies and certain other entities. Regulated entities are mandated to maintain a clear privacy policy, obtain explicit consumer consent for data collection and sharing, and provide consumers with rights to confirm, withdraw, or request deletion of their data. The bill also requires these entities to restrict access to consumer health data and implement robust data security practices.

Additionally, the bill outlines provisions for third-party processors of consumer health data, requiring them to operate under binding contracts that define their actions. It prohibits the use of geofencing around health care entities for tracking or collecting consumer data without consent. Violations of the bill's provisions are classified as unlawful practices under existing consumer protection laws, and the bill specifies exemptions for various entities and types of information. Regulated entities are allowed to collect and use data for security and legal compliance purposes, provided they can demonstrate the necessity of such actions.