This bill introduces comprehensive data privacy protection requirements for consumer health data in New Jersey, specifically targeting regulated entities that collect, process, share, or sell such data. It defines key terms, including "consumer health data" and "regulated entity," and mandates that these entities maintain a clear privacy policy detailing the categories of data collected, its intended use, and third-party sharing. The bill emphasizes the necessity of obtaining explicit consumer consent before any data collection or sharing occurs and prohibits the collection of undisclosed data without prior consent. Additionally, it grants consumers rights to access, delete, and withdraw consent regarding their health data, while ensuring they are not discriminated against for exercising these rights.

Moreover, the bill outlines specific requirements for processors of consumer health data, stating that they may only process data under a binding contract with the regulated entity. It prohibits the use of geofencing around healthcare providers for tracking or collecting consumer health data. Violations of the bill's provisions are classified as unlawful practices under existing consumer protection laws. The legislation also includes exemptions for certain entities and types of information, while allowing regulated entities to collect and use data to address security incidents and illegal activities, provided they can demonstrate compliance with the exemption criteria.