Washington’s new My Health My Data Act (MHMD) imposes requirements on a wide array of companies that have had little or no prior involvement with HIPAA – and the law will be a litigation launch pad by establishing a private right to sue. The MHMD’s sweeping definitions for a new class of consumer health data and its unclear interaction with the patchwork of other states’ comprehensive privacy laws will make compliance challenging. This article, part two in a series examining the pioneering law, presents recommended compliance priorities from experts at Clark Hill, Hintze Law, Frankfurt Kurnit, Husch Blackwell and WilmerHale, including considerations for data subject rights, a separate privacy notice and novel geofencing restrictions. Part one looked at the law’s key impacts and broad definitions. See “Understanding and Implementing Privacy Audits” (Nov. 30, 2022).