My Health My Data Act Privacy Policy

Washington State Consumer Health Data Privacy

Last Updated: August 2025

This policy applies specifically to Washington State residents and is in addition to our general Privacy Policy. It addresses requirements under Washington's My Health My Data Act (RCW 19.373).

What is the My Health My Data Act?

Washington's My Health My Data Act provides enhanced privacy protections for consumer health data. This law gives Washington residents specific rights regarding the collection, use, and sharing of their health information, with requirements that go beyond federal HIPAA protections.

Consumer Health Data We Collect

Under Washington law, "consumer health data" means personal information that is linked or reasonably linkable to a consumer and that identifies the consumer's past, present, or future physical or mental health status. This includes:

Health Information We Collect

  • DEXA scan results and body composition measurements
  • Medical history and current health conditions
  • Medications and supplements you are taking
  • Weight, height, BMI, and vital signs
  • Laboratory test results and biomarkers
  • Progress photos and medical images
  • Health symptoms and treatment responses
  • Mental health information related to weight management
  • Lifestyle factors affecting health (diet, exercise, sleep)
  • Genetic information related to weight management (if provided)

Technology and Usage Data

  • App usage patterns related to health tracking
  • Device data from health monitoring equipment
  • Location data when using health services
  • Search queries related to health topics on our platform
  • Communication content with healthcare providers

How We Use Your Consumer Health Data

We use your consumer health data for the following purposes, and only with your explicit consent:

Primary Health Services

  • Providing DEXA scanning and body composition analysis
  • Facilitating telehealth consultations with licensed providers
  • Enabling prescription and monitoring of weight management medications
  • Tracking your health progress and treatment outcomes
  • Providing personalized health recommendations

Secondary Uses (Require Separate Consent)

  • Quality improvement and research studies
  • Development of new health services or technologies
  • Anonymous data aggregation for population health insights
  • Training of healthcare providers (de-identified data only)

Your Rights Under Washington Law

Right to Know

You have the right to know:

  • What consumer health data we collect about you
  • How we use and share your consumer health data
  • Who we share your consumer health data with
  • How long we retain your consumer health data

Right to Access

You have the right to request access to the consumer health data we maintain about you. We will provide this information in a portable and, to the extent technically feasible, readily usable format.

Right to Delete

You have the right to request deletion of your consumer health data, subject to certain exceptions such as:

  • Completing the transaction for which the data was collected
  • Complying with legal obligations
  • Ensuring security and preventing fraud
  • Maintaining medical records as required by law

Right to Withdraw Consent

You may withdraw your consent for the collection and use of your consumer health data at any time. However, withdrawal may limit our ability to provide certain services.

Right to Appeal

If we deny your request regarding your consumer health data, you have the right to appeal our decision through the process described below.

Consent Requirements

Affirmative Consent

We will obtain your affirmative consent before:

  • Collecting your consumer health data
  • Using your consumer health data for purposes beyond those originally disclosed
  • Sharing your consumer health data with third parties
  • Using your consumer health data for research or quality improvement

Granular Consent Controls

You can provide different levels of consent for different uses of your data:

  • Essential services (DEXA scanning, telehealth consultations)
  • Enhanced services (progress tracking, personalized recommendations)
  • Research and quality improvement (anonymous data use)
  • Marketing communications (health-related offers and information)

Data Sharing and Third Parties

Permitted Sharing

We may share your consumer health data with your explicit consent to:

  • Licensed healthcare providers for treatment purposes
  • Licensed pharmacies for prescription fulfillment
  • Laboratory partners for required testing
  • Insurance companies (only if you provide specific authorization)

Prohibited Sharing

We will not share your consumer health data for:

  • Marketing by third parties without your consent
  • Employment, insurance, or credit decisions (unless specifically authorized)
  • Sale to data brokers or marketing companies
  • Any purpose not disclosed in this policy without consent

Data Security and Protection

We implement enhanced security measures for consumer health data:

  • Encryption of all health data in transit and at rest
  • Multi-factor authentication for access to health information
  • Regular security audits and vulnerability assessments
  • Employee training on health data privacy requirements
  • Incident response procedures for data breaches

Data Retention

We retain your consumer health data only as long as necessary for:

  • Providing the health services you requested
  • Complying with legal and regulatory requirements
  • Maintaining medical records as required by law (minimum 7 years)
  • Purposes for which you have provided ongoing consent

Children's Health Data

We do not knowingly collect consumer health data from children under 13. For minors aged 13-17, we require parental consent and implement additional protections.

How to Exercise Your Rights

Making Requests

To exercise your rights under the My Health My Data Act, contact us at:

Desert Dexa Inc.

Attention: Washington State Privacy Rights

69848 Highway 111 Suite 7
Rancho Mirage, CA 92270

Phone: (760) 301-6806
Email: contact@desertdexa.com

Verification Process

To protect your privacy, we will verify your identity before processing requests through:

  • Account credentials verification
  • Personal information confirmation
  • Additional verification steps as needed

Response Timeline

We will respond to your requests within 45 days, with the possibility of a 45-day extension if needed. We will notify you if an extension is required.

Appeal Process

If we deny your request, you may appeal by:

  1. Submitting a written appeal within 30 days
  2. Providing additional information to support your request
  3. Requesting review by our privacy officer

We will respond to appeals within 30 days.

Regulatory Compliance

This policy complies with Washington State RCW 19.373 and related regulations. We are committed to maintaining compliance as regulations evolve.

Enforcement

Violations of the My Health My Data Act may be reported to the Washington State Attorney General's Office.

Updates to This Policy

We will notify Washington residents of material changes to this policy through:

  • Email notification to account holders
  • Prominent notice on our website
  • In-app notifications when applicable

Contact Information

For questions about this Washington State privacy policy or to exercise your rights:

Privacy Officer

Desert Dexa Inc.

69848 Highway 111 Suite 7
Rancho Mirage, CA 92270

Phone: (760) 301-6806
Email: contact@desertdexa.com

Subject Line: "Washington State Privacy Rights"

Note: This policy applies only to Washington State residents. Residents of other states should refer to our general Privacy Policy and applicable state-specific notices.