This bill introduces comprehensive data privacy protection requirements for consumer health data in New Jersey, specifically targeting health care providers and patients. It defines key terms such as "regulated entity," which includes any business that collects, processes, shares, or sells consumer health data, while excluding government agencies and certain other entities. Regulated entities are mandated to maintain a consumer health data privacy policy, obtain consumer consent for data collection and sharing, and provide consumers with rights to access, delete, or withdraw consent regarding their health data. The bill also requires these entities to implement strict access controls and data security practices to protect consumer health data.

Additionally, the legislation outlines specific prohibitions, including the use of geofences around health care entities for tracking or data collection purposes. It establishes a process for consumers to appeal decisions made by regulated entities regarding their data requests and imposes penalties for violations, categorizing them as unlawful practices. The bill also clarifies certain exemptions for specific entities and types of information, while allowing regulated entities to collect and use consumer health data to address security incidents or illegal activities, provided they can demonstrate compliance with the outlined exemptions. Overall, this legislation aims to enhance the protection of consumer health data and ensure transparency and accountability among entities handling such sensitive information.