Washington bans geofencing within 2,000 feet of healthcare facilities. What does that mean for reproductive-health campaigns?
The 2,000-foot geofence prohibition under RCW 19.373.080 is the single section of Washington's My Health My Data Act with the cleanest operational consequence. It is a categorical prohibition, not a consent-conditional rule. Reproductive-health campaigns, audience-building configurations, and SDK behavior need to be audited against the perimeter before launch, not after a Washington consumer or the Attorney General notices.
Ask my AI Legal Analyst about Washington consumer health data and MHMDA?
Tap a question for an instant, free answer (no email needed), or describe your product and the analyst routes you to the right next step.
Common Washington consumer-health-data questions, always free
The operative text of RCW 19.373.080
RCW 19.373.080: "It is unlawful for any person to implement a geofence around an entity that provides in-person health care services where such geofence is used to: (1) Identify or track consumers seeking health care services; (2) collect consumer health data from consumers; or (3) send notifications, messages, or advertisements to consumers related to their consumer health data or health care services."
"Geofence" under RCW 19.373.010 is "a virtual boundary that is 2,000 feet or less from the perimeter of the physical location" using GPS, cell tower, cellular data, RFID, Wifi, or any other spatial or location detection. The 2,000 feet is measured from the perimeter, not the centroid; the math favors the regulator.
Three independent prohibitions
The section creates three independent prohibited uses. A geofence violates the section if it does any one of: (1) identify or track consumers seeking healthcare services, (2) collect consumer health data, or (3) send notifications, messages, or advertisements related to consumer health data or healthcare services. "Or" means the operator does not need to be doing all three for the prohibition to apply; one is enough.
This matters because operators sometimes assume that a "passive" geofence (audience-building without active notifications) is acceptable. Under prong (1) the passive identification is itself the violation. Under prong (2) any data collection inside the perimeter for purposes related to consumer health is the violation. A geofence that only logs visits and uses them for retargeting outside the perimeter is exposed under prongs (1) and (2) even though no notification is sent.
Why the reproductive-health context drives the litigation risk
The prohibition is technically about all in-person healthcare facilities, not just reproductive-health facilities. But the litigation environment, plaintiff bar interest, and post-Dobbs context concentrate the practical risk on reproductive-health campaigns. A geofence around an OB-GYN office, a fertility clinic, an abortion provider, a Planned Parenthood location, or a hospital running a reproductive line presents the cleanest fact pattern for a regulator or plaintiff to assert. Combine the geofence with a downstream ad serving reproductive-health content, and the per-se Consumer Protection Act bridge under RCW 19.373.090 attaches.
What the audit looks like
I treat the geofence audit as a four-step process. First, compile the list of in-person healthcare facilities serving Washington consumers in the targeting footprint. Reproductive-health facilities get priority, but the perimeter applies to all healthcare facilities. Second, pull the current ad-platform configurations from each ad SDK and partner relationship, including custom audience definitions, lookalike audiences, retargeting pixels, and SDK-level location collection rules. Third, map each configuration against the 2,000-foot perimeter around each facility. Fourth, reconfigure or disable each configuration that falls inside the perimeter for a prohibited purpose.
The fourth step is where operators encounter friction. The ad-platform interface does not always expose a "do not target within 2,000 feet of healthcare" toggle. Practical compliance often means excluding healthcare-facility geographies from the campaign at the inclusion-zone level, which the platform supports, rather than relying on the negative-targeting rule, which it usually does not.
Per-se Consumer Protection Act exposure (RCW 19.373.090)
RCW 19.373.090 makes any MHMDA violation a per-se Washington CPA violation. The remedy under RCW 19.86.090 is actual damages, discretionary trebling up to $25,000, and one-way attorney's fees. The four-year SOL under RCW 19.86.120 applies. A geofence violation under RCW 19.373.080 is the kind of categorical violation that produces a clean plaintiff theory; the operator's only realistic defense is on injury and causation, not on the underlying conduct.
Sergei's practical note
The geofence prohibition is the easiest MHMDA section to comply with in writing and the easiest to violate in practice, because the underlying ad-platform infrastructure is built around precise location targeting and the operator does not usually have a clean view of where the ad partner has drawn the line. I recommend treating the 2,000-foot perimeter as a hard rule in the campaign-approval workflow, with a Washington-clinic address list maintained at the campaign level. Send the SDK inventory, the campaign configurations, and the partner list, and I will scope the audit.
Payment
Flat fee, paid up front through a secure PayPal checkout, so the budget is fixed before any work starts. The flat fee for the Healthcare SaaS Legal Package is $2,500. There is no hourly meter and no surprise invoice. If a matter is unusually large or turns into extended negotiation, I tell you before any additional work and we agree on scope first.
Delivery
Drafts in 2 to 3 business days, even for complex agreements. I work weekends when a matter needs it and it is engaged. You receive the work product by email in an editable format, with brief written comments explaining the key issues and the reasoning behind the main choices.
Process
- Send the materials. Email me your current documents, screenshots, and a short description of the product and the Washington consumers it touches.
- I confirm scope and run a conflict check. Engagement begins only after that check and a written confirmation of what is included.
- I draft or review. You get the deliverable with plain-language comments on the highest-risk items first.
- We refine. Reasonable revision rounds are included so the final version fits how your product actually works.
Scope
This is attorney-supervised regulatory and document work under my California license: issue spotting, compliance planning, drafting, and review. It is not Washington court representation. For Washington filings, litigation, or any court appearance, I coordinate with Washington-admitted counsel. Nothing here creates an attorney-client relationship until a conflict check clears and an engagement is confirmed in writing.
Related Washington resources
For the full statutory walkthrough, see my Washington My Health My Data Act resource. The Geofencing Risk for Adtech page goes deeper into SDK and campaign-specific failure modes. The Abortion-Travel Data Privacy page applies the section to a specific high-risk fact pattern. To run the triage, see my Reproductive Health Data Risk Checker.
A flat-fee package for digital health and SaaS founders: HIPAA and BAA posture, Terms of Service and privacy policy, and the consumer-health-data layer that MHMDA adds on top. Reviewed under California license; for Washington court representation I coordinate with Washington-admitted counsel.
See the full Healthcare SaaS legal stack → or email me directly for a scoped quote.
Educational resource. Sergei Tokmakov is a California attorney (CA Bar #279869) currently seeking admission to the Washington State Bar. Nothing on this page creates an attorney-client relationship or is Washington legal advice.