The proposed bill introduces the "Reproductive Freedom and Gender-Affirming Care Health Data Privacy Act" to Title 23 of the General Laws, focusing on the protection of consumer health data related to reproductive and gender-affirming care. It establishes clear definitions and regulations regarding consumer health data, emphasizing the necessity of obtaining explicit consent before data collection and processing.

The bill outlines the rights of consumers, including the right to confirm whether a regulated entity or small business is collecting, sharing, or selling their health data, the right to access such data, the right to withdraw consent, and the right to have their health data deleted. Regulated entities and small businesses are mandated to maintain a consumer health data privacy policy that clearly discloses data collection practices, purposes, and sharing protocols.

Furthermore, the legislation prohibits the sale of consumer health data without valid consumer authorization, requiring that such authorizations be written in plain language and include specific details about the data being sold and the parties involved. It also prohibits the use of geofences around healthcare entities for tracking purposes.

Certain information, such as protected health information under federal law, is exempt from the bill's provisions. The act establishes penalties for violations and allows individuals to bring civil actions for appropriate injunctive relief and damages, with enforcement authority granted to the attorney general. The bill aims to enhance consumer control and privacy regarding sensitive health information and is set to take effect immediately upon passage.