The proposed bill, titled the "Reproductive Freedom and Gender-Affirming Care Health Data Privacy Act," aims to enhance privacy protections for consumer health data, particularly concerning reproductive and gender-affirming care. It introduces new definitions, such as "consumer health data," "gender-affirming care information," and "regulated entity," while establishing clear guidelines for obtaining informed consent before collecting or processing such data. The bill mandates that regulated entities and small businesses maintain a consumer health data privacy policy by specified deadlines in 2026, detailing the categories of data collected, its usage, and third-party sharing. It also prohibits the collection or sharing of consumer health data without prior consent, except for certain permissible purposes.

Additionally, the bill outlines consumer rights regarding their health data, including the right to access, delete, and withdraw consent for data collection and sharing. It sets compliance deadlines for regulated entities and small businesses, requiring them to implement data security practices to protect consumer health data. The legislation also prohibits the use of geofencing technology for tracking consumers in healthcare settings and establishes that violations of the act constitute deceptive trade practices, allowing for civil actions and enforcement by the attorney general. Overall, the bill seeks to ensure transparency and accountability in the handling of sensitive health information while safeguarding individual privacy rights.