Connecticut General Statutes 42-526 – Consumer health data privacy. Disclosure, access and geofencing. Exemptions
(a)(1) Except as provided in subsection (b) of this section, subsections (b) and (c) of section 42-517 and section 42-524, no person shall: (A) Provide any employee or contractor with access to consumer health data unless the employee or contractor is subject to a contractual or statutory duty of confidentiality; (B) provide any processor with access to consumer health data unless such person and processor comply with section 42-521; (C) use a geofence to establish a virtual boundary that is within one thousand seven hundred fifty feet of any mental health facility or reproductive or sexual health facility for the purpose of identifying, tracking, collecting data from or sending any notification to a consumer regarding the consumer’s consumer health data; or (D) sell, or offer to sell, consumer health data without first obtaining the consumer’s consent.
Terms Used In Connecticut General Statutes 42-526
- Contract: A legal written agreement that becomes binding when signed.
(2) Notwithstanding section 42-516, the provisions of subsection (a) of this section, and the provisions of section 42-515, and sections 42-517 to 42-525, inclusive, concerning consumer health data and consumer health data controllers, apply to persons that conduct business in this state and persons that produce products or services that are targeted to residents of this state.
(b) The provisions of subsection (a) of this section shall not apply to any: (1) Body, authority, board, bureau, commission, district or agency of this state or of any political subdivision of this state; (2) person who has entered into a contract with any body, authority, board, bureau, commission, district or agency described in subdivision (1) of this subsection while such person is processing consumer health data on behalf of such body, authority, board, bureau, commission, district or agency pursuant to such contract; (3) institution of higher education; (4) national securities association that is registered under 15 USC 78o-3 of the Securities Exchange Act of 1934, as amended from time to time; (5) financial institution or data subject to Title V of the Gramm-Leach-Bliley Act, 15 USC 6801 et seq.; (6) covered entity or business associate, as defined in 45 C.F.R. § 160.103; (7) tribal nation government organization; or (8) air carrier, as defined in 49 USC 40102, as amended from time to time, and regulated under the Federal Aviation Act of 1958, 49 USC 40101 et seq., and the Airline Deregulation Act of 1978, 49 USC 41713, as said acts may be amended from time to time.