Regulatory attorney Adam Greene of Davis Wright Tremaine recently expressed concerns about how certain state privacy laws, such as Washington State’s My Health My Data Act, could impact the use of consumer information for artificial intelligence and machine learning projects. Speaking at the HIMSS 2025 conference in Las Vegas, Nevada, Greene highlighted the potential challenges that organizations may face when dealing with consumer health data that falls outside of the scope of HIPAA.
According to Greene, Washington State’s MHMD Act prohibits the utilization of non-health data to draw health-related conclusions without the explicit permission of individuals. This restriction could pose significant obstacles for AI development initiatives, as it may prevent organizations from using certain datasets to create new health inferences without obtaining necessary authorizations from data subjects.
In a recent audio interview with Information Security Media Group, Greene delved further into the implications of state privacy laws on AI and ML projects. He emphasized the lack of federal guidance on the use of HIPAA-protected health information for such endeavors, leaving regulated entities in a state of uncertainty. Additionally, he discussed privacy considerations related to the use of patient data for AI and ML under federal health regulations such as 42 CFR Part 2, which governs substance disorder records.
Greene also highlighted the importance of avoiding privacy mistakes in AI projects involving health information and underscored the broader uncertainty surrounding the federal government’s stance on various health data privacy and security issues related to AI. As a specialist in health information privacy and security laws, Greene brings a wealth of experience to the table, having previously served as a senior health information technology and privacy specialist at the HHS Office for Civil Rights.
Overall, Greene’s insights shed light on the complex interplay between state privacy laws, federal regulations, and emerging technologies like AI and ML. As organizations navigate this evolving landscape, they must remain vigilant about complying with a patchwork of laws and regulations to ensure the ethical and legal use of consumer data in AI projects.