Washington educational resource

My reproductive-health app sits at the intersection of health data, location, and adtech. What does MHMDA actually demand?

Reproductive-health apps span fertility, pregnancy, contraception, menopause, sexual health, STI tracking, and abortion-adjacent services. They sit at an unusual intersection in privacy law because the data set combines health status, location, timing, search behavior, app activity, and third-party advertising infrastructure on the same user record. A generic privacy policy almost never answers the My Health My Data Act questions, and the combined risk profile is what drives both regulator and plaintiff interest.

AI Legal Analyst

Ask my AI Legal Analyst about Washington consumer health data and MHMDA?

Tap a question for an instant, free answer (no email needed), or describe your product and the analyst routes you to the right next step.

Common Washington consumer-health-data questions, always free

Does Washington MHMDA even apply to my product? I am not HIPAA-covered, am I in the clear? Are my analytics and AI-API calls sharing events? Do I need a separate consumer health data privacy policy? Is one "I agree" checkbox enough for consent? What happens if I get this wrong?

Loading the AI Legal Analyst...

Last legally reviewed: 2026-05-19. Citations verified against Chapter 19.373 RCW on app.leg.wa.gov. MHMDA reaches out-of-state companies that conduct business in Washington or target products or services to Washington consumers and determine the purposes and means of processing consumer health data.

The combined risk profile is the issue

Reproductive-health data is not just one category of consumer health data under RCW 19.373.010; it is several. A typical product holds reproductive-status data (cycle, ovulation, pregnancy, contraception), inferences derived from that data, partner data, location signals near healthcare facilities, search and content-engagement signals, and behavioral data feeding third-party ad networks. Each is independently consumer health data under the statute, and the combination, when linked to a Washington user, presents a particularly persuasive plaintiff theory under the per-se Consumer Protection Act bridge at RCW 19.373.090.

The combination also drives the practical scope of remediation. Fixing the privacy policy without fixing the SDK inventory, the consent UX, the data-flow diagrams, and the geofence configuration leaves the same risk in place under a different document. The MHMDA work is coordinated, not document-by-document.

The four MHMDA hooks for a reproductive-health app

Separate Consumer Health Data Privacy Policy under RCW 19.373.020. A standalone document, prominently linked from the homepage, with the five substantive disclosures including the specific-affiliates list. Bundling MHMDA into a generic privacy policy is the most common gap.

Two-layer consent under RCW 19.373.030. Affirmative opt-in consent for collection, separate from affirmative opt-in consent for sharing. A unified terms-of-service acceptance is not enough.

2,000-foot geofence prohibition under RCW 19.373.080. Categorical ban on geofences within 2,000 feet of any in-person healthcare facility used to track, collect consumer health data, or send notifications. For a reproductive-health app this sweeps in OB-GYN offices, fertility clinics, abortion providers, contraception clinics, STI clinics, and hospitals running reproductive lines.

Written authorization for sale under RCW 19.373.070. Nine elements; missing any one invalidates. "Sale" is broad and includes valuable-consideration exchanges that are not cash sales (research partnerships, data licensing, analytics arrangements that include a data flow back to the partner).

Why the post-Dobbs context matters for design choices. A reproductive-health app's data set can, on its own, identify a user's pregnancy timing, contraception decisions, miscarriage, or termination decision. The MHMDA compliance posture is the most concrete protection a Washington user has against that disclosure flowing to ad partners, data brokers, or third parties under subpoena or process. The design decision is therefore not "do we want to be in scope," it is "how do we keep the data flow consistent with what we have promised the user."

What I review when an operator sends a reproductive-health matter

The work splits into compliance review and dispute response. Operator-side: current privacy policy against the five substantive disclosures under RCW 19.373.020; consent UX against the two-layer requirement under RCW 19.373.030; data-flow audit against the categories in the policy; sale and authorization under RCW 19.373.070; geofence audit against the 2,000-foot perimeter under RCW 19.373.080; processor contract review under RCW 19.373.060; and AG inquiry response posture if a letter has arrived. For dispute response on the consumer side, an MHMDA-grounded demand letter identifies the specific subsection violated and quantifies exposure under the per-se CPA bridge.

Sergei's practical note

Reproductive-health apps are the MHMDA cluster I find the most interesting to review because the failure modes are usually structural rather than cosmetic. The bundled policy, the implicit consent flow, the unaudited SDK stack, and the missing authorization are not failures of effort; they are failures of the SaaS template inherited from a CCPA-only world. The MHMDA fix is a coordinated upgrade, not a redraft. Send the current policy, the consent screenshots, the SDK and partner inventory, and a brief product description, and I will tell you which tier of work fits.

Payment

Flat fee, paid up front through a secure PayPal checkout, so the budget is fixed before any work starts. The flat fee for the Healthcare SaaS Legal Package is $2,500. There is no hourly meter and no surprise invoice. If a matter is unusually large or turns into extended negotiation, I tell you before any additional work and we agree on scope first.

Delivery

Drafts in 2 to 3 business days, even for complex agreements. I work weekends when a matter needs it and it is engaged. You receive the work product by email in an editable format, with brief written comments explaining the key issues and the reasoning behind the main choices.

Process

Send the materials. Email me your current documents, screenshots, and a short description of the product and the Washington consumers it touches.
I confirm scope and run a conflict check. Engagement begins only after that check and a written confirmation of what is included.
I draft or review. You get the deliverable with plain-language comments on the highest-risk items first.
We refine. Reasonable revision rounds are included so the final version fits how your product actually works.

Scope

This is attorney-supervised regulatory and document work under my California license: issue spotting, compliance planning, drafting, and review. It is not Washington court representation. For Washington filings, litigation, or any court appearance, I coordinate with Washington-admitted counsel. Nothing here creates an attorney-client relationship until a conflict check clears and an engagement is confirmed in writing.

Need this handled end to end? The $2,500 Healthcare SaaS Legal Package

A flat-fee package for digital health and SaaS founders: HIPAA and BAA posture, Terms of Service and privacy policy, and the consumer-health-data layer that MHMDA adds on top. Reviewed under California license; for Washington court representation I coordinate with Washington-admitted counsel.

Request this package · $2,500

See the full Healthcare SaaS legal stack → or email me directly for a scoped quote.

Related Washington resources

For the full statutory walkthrough, see my Washington My Health My Data Act resource. To run the triage, see my Reproductive Health Data Risk Checker. Related cluster pages: Fertility apps, Period-tracking apps, Reproductive-health geofencing ban, Geofencing risk for adtech, Abortion-travel data privacy, Drafting the consumer-health-data policy.

Educational resource. Sergei Tokmakov is a California attorney (CA Bar #279869) currently seeking admission to the Washington State Bar. Nothing on this page creates an attorney-client relationship or is Washington legal advice.