Loading
Loading
Your feedback directly shapes Sporos.
Sign in to track your feedback history
Creates the Protect Health Data Privacy Act. Provides that a regulated entity shall disclose and maintain a health data privacy policy that clearly and conspicuously discloses specified information. Sets forth provisions concerning health data privacy policies. Provides that a regulated entity shall not collect, share, or store health data, except in specified circumstances. Provides that it is unlawful for any person to sell or offer to sell health data concerning an individual without first obtaining valid authorization from the individual. Provides that a valid authorization to sell individual health data must contain specified information; a copy of the signed valid authorization must be provided to the individual; and the seller and purchaser of health data must retain a copy of all valid authorizations for sale of health data for 6 years after the date of its signature or the date when it was last in effect, whichever is later. Sets forth provisions concerning the consent required for collection, sharing, and storage of health data. Provides that an individual has the right to withdraw consent from the processing of the individual's health data. Provides that it is unlawful for a regulated entity to engage in discriminatory practices against individuals solely because they have not provided consent to the processing of their health data or have exercised any other rights provided by the provisions or guaranteed by law. Sets forth provisions concerning an individual's right to confirm whether a regulated entity is collecting, selling, sharing, or storing any of the individual's health data; an individual's right to have the individual's health data that is collected by a regulated entity deleted; prohibitions regarding geofencing; and individual health data security. Provides that any person aggrieved by a violation of the provisions shall have a right of action in a State circuit court or as a supplemental claim in federal district court against an offending party. Provides that the Attorney General may enforce a violation of the provisions as an unlawful practice under the Consumer Fraud and Deceptive Business Practices Act. Defines terms. Makes a conforming change in the Consumer Fraud and Deceptive Business Practices Act.
Introduced
Feb 7, 2025
Last Action
Mar 13, 2026
Session
IL 104th
Sponsors
1 primary · 0 co
Rule 2-10 Committee Deadline Established As March 27, 2026
To AI and Social Media
Re-assigned to Executive
Rule 3-9(a) / Re-referred to Assignments
Rule 2-10 Committee Deadline Established As April 11, 2025
To AI and Social Media
Assigned to Executive
Filed with Secretary by Sen. Celina Villanueva
Referred to Assignments
First Reading
Get a plain-English explanation of what this bill does, who it affects, and why it matters.
Rule 2-10 Committee Deadline Established As March 27, 2026