IL SB2273

Creates the Protect Health Data Privacy Act requiring regulated entities to maintain and publicly disclose health data privacy policies detailing what data is collected, how it is used, who it is shared with, and how individuals can exercise their rights

Prohibits the collection, sharing, storage, or sale of health data without explicit opt-in consent from individuals; sales require a separate signed authorization that expires after one year, and sellers/purchasers must retain authorization records for 6 years

Grants individuals the right to confirm whether their health data is being collected, request deletion within 45 days, and withdraw consent at any time; prohibits discrimination against individuals who decline to provide consent

Bans geofencing within 1,750 feet of healthcare facilities to track individuals or collect data, and restricts disclosure of health data to government or law enforcement without a valid warrant or the individual's request

Establishes a private right of action with damages of $1,000 per negligent violation or $5,000 per intentional violation, plus attorney's fees; Attorney General may also enforce violations under the Consumer Fraud and Deceptive Business Practices Act