The proposed bill introduces the "Reproductive Health and Gender-Affirming Healthcare Data Privacy Act" into Title 23 of the General Laws, focusing on the protection of consumer health data related to reproductive and gender-affirming care. It establishes clear definitions and regulations regarding the collection, processing, and sharing of such data, emphasizing the necessity of informed, specific, and voluntary consumer consent. The bill outlines the conditions under which consent cannot be obtained, including through general terms of use agreements or deceptive designs.

Regulated entities and small businesses are required to maintain a consumer health data privacy policy that clearly discloses the categories of data collected, its intended use, and consumer rights. They must also implement data security practices to restrict access to sensitive health information and ensure the confidentiality, integrity, and accessibility of consumer health data.

The act prohibits the sale of consumer health data without explicit consent and outlines the necessary components for valid authorization, including details about the data, involved parties, and consumer rights regarding revocation. It includes provisions to prevent geofencing around healthcare providers, which could infringe on consumer privacy, and specifies exemptions for certain types of information, such as protected health information under federal law.

Enforcement mechanisms allow individuals to pursue civil actions for violations, and the attorney general is granted authority to ensure compliance with the law. The act is designed to enhance consumer privacy and control over personal health information and will take effect upon passage.