Washington bans geofencing within 2,000 feet of healthcare facilities. What does that mean for reproductive-health campaigns?
The 2,000-foot geofence prohibition under RCW 19.373.080 is the single section of Washington's My Health My Data Act with the cleanest operational consequence. It is a categorical prohibition, not a consent-conditional rule. Reproductive-health campaigns, audience-building configurations, and SDK behavior need to be audited against the perimeter before launch, not after a Washington consumer or the Attorney General notices.
The operative text of RCW 19.373.080
RCW 19.373.080: "It is unlawful for any person to implement a geofence around an entity that provides in-person health care services where such geofence is used to: (1) Identify or track consumers seeking health care services; (2) collect consumer health data from consumers; or (3) send notifications, messages, or advertisements to consumers related to their consumer health data or health care services."
"Geofence" under RCW 19.373.010 is "a virtual boundary that is 2,000 feet or less from the perimeter of the physical location" using GPS, cell tower, cellular data, RFID, Wifi, or any other spatial or location detection. The 2,000 feet is measured from the perimeter, not the centroid; the math favors the regulator.
Three independent prohibitions
The section creates three independent prohibited uses. A geofence violates the section if it does any one of: (1) identify or track consumers seeking healthcare services, (2) collect consumer health data, or (3) send notifications, messages, or advertisements related to consumer health data or healthcare services. "Or" means the operator does not need to be doing all three for the prohibition to apply; one is enough.
This matters because operators sometimes assume that a "passive" geofence (audience-building without active notifications) is acceptable. Under prong (1) the passive identification is itself the violation. Under prong (2) any data collection inside the perimeter for purposes related to consumer health is the violation. A geofence that only logs visits and uses them for retargeting outside the perimeter is exposed under prongs (1) and (2) even though no notification is sent.
Why the reproductive-health context drives the litigation risk
The prohibition is technically about all in-person healthcare facilities, not just reproductive-health facilities. But the litigation environment, plaintiff bar interest, and post-Dobbs context concentrate the practical risk on reproductive-health campaigns. A geofence around an OB-GYN office, a fertility clinic, an abortion provider, a Planned Parenthood location, or a hospital running a reproductive line presents the cleanest fact pattern for a regulator or plaintiff to assert. Combine the geofence with a downstream ad serving reproductive-health content, and the per-se Consumer Protection Act bridge under RCW 19.373.090 attaches.
What the audit looks like
I treat the geofence audit as a four-step process. First, compile the list of in-person healthcare facilities serving Washington consumers in the targeting footprint. Reproductive-health facilities get priority, but the perimeter applies to all healthcare facilities. Second, pull the current ad-platform configurations from each ad SDK and partner relationship, including custom audience definitions, lookalike audiences, retargeting pixels, and SDK-level location collection rules. Third, map each configuration against the 2,000-foot perimeter around each facility. Fourth, reconfigure or disable each configuration that falls inside the perimeter for a prohibited purpose.
The fourth step is where operators encounter friction. The ad-platform interface does not always expose a "do not target within 2,000 feet of healthcare" toggle. Practical compliance often means excluding healthcare-facility geographies from the campaign at the inclusion-zone level, which the platform supports, rather than relying on the negative-targeting rule, which it usually does not.
Per-se Consumer Protection Act exposure (RCW 19.373.090)
RCW 19.373.090 makes any MHMDA violation a per-se Washington CPA violation. The remedy under RCW 19.86.090 is actual damages, discretionary trebling up to $25,000, and one-way attorney's fees. The four-year SOL under RCW 19.86.120 applies. A geofence violation under RCW 19.373.080 is the kind of categorical violation that produces a clean plaintiff theory; the operator's only realistic defense is on injury and causation, not on the underlying conduct.
Sergei's practical note
The geofence prohibition is the easiest MHMDA section to comply with in writing and the easiest to violate in practice, because the underlying ad-platform infrastructure is built around precise location targeting and the operator does not usually have a clean view of where the ad partner has drawn the line. I recommend treating the 2,000-foot perimeter as a hard rule in the campaign-approval workflow, with a Washington-clinic address list maintained at the campaign level. Send the SDK inventory, the campaign configurations, and the partner list, and I will scope the audit.
Related Washington resources
For the full statutory walkthrough, see my Washington My Health My Data Act resource. The Geofencing Risk for Adtech page goes deeper into SDK and campaign-specific failure modes. The Abortion-Travel Data Privacy page applies the section to a specific high-risk fact pattern. To run the triage, see my Reproductive Health Data Risk Checker.
Educational resource. Sergei Tokmakov is a California attorney (CA Bar #279869) currently seeking admission to the Washington State Bar. Nothing on this page creates an attorney-client relationship or is Washington legal advice.