Amends the Protect Health Data Privacy Act. Provides that a regulated entity shall disclose and maintain a health data privacy policy that, in plain language, clearly and conspicuously disclosures specified information. Provides that a regulated entity shall prominently publish its health data privacy policy on its website homepage. Provides that a regulated entity shall not collect, share, sell, or store categories of health data not disclosed in the health data privacy policy without first disclosing the categories of health data and obtaining the consumer's consent prior to the collection, sharing, selling, or storing of such data. Prohibits the collection, sharing, selling, or storing of health data. Describes the regulated entity's duty to obtain consent; the consumer's right to withdraw consent; prohibitions on discrimination; prohibitions on geofencing; a private right of action; enforcement by the Attorney General; and conflicts with other laws. Makes other changes.