The proposed bill introduces the "Reproductive Freedom and Gender-Affirming Care Health Data Privacy Act" to Title 23 of the General Laws, focusing on the privacy of consumer health data related to reproductive and gender-affirming care. It establishes key definitions, including "consumer health data," "regulated entity," and "small business," and emphasizes the necessity of consumer consent for data collection and processing. The bill outlines specific requirements for obtaining consent, including clear disclosures and prohibitions against deceptive practices.

It grants consumers rights to confirm whether their health data is being collected, shared, or sold, and to access, delete, and control the sharing of their health data. The legislation mandates that regulated entities and small businesses maintain a consumer health data privacy policy by set deadlines, detailing the categories of data collected, its usage, and third-party sharing. It requires that consumer consent be obtained prior to data collection or sharing and emphasizes the need for data security practices.

The bill specifies that authorizations for selling consumer health data must be written in plain language and include detailed information about the transaction. Certain types of information, such as protected health information under federal law, are exempt from the bill's provisions. Violations of the act are designated as deceptive trade practices, allowing for civil action and penalties. The act will take effect upon passage.