This bill introduces the Protect Health Data Privacy Act. It requires that any regulated entity must disclose and maintain a health data privacy policy which clearly enumerates specific information. The entity should not collect, share, or store health data, unless specific circumstances dictate otherwise. The bill stipulates it is illegal to sell health data without getting proper authorization from the individual the data pertains to. Furthermore, it details provisions about the consent required for the collection, sharing, and storage of health data. The bill gives consumers the right to withdraw consent from the collection, sharing, sale, or storage of their health data. It bans regulated entities from engaging in discriminatory practices against consumers who have not given their consent to the collection, sharing, selling, or storage of their health data. The bill includes consumer rights to determine if a regulated entity is collecting, selling, sharing, or storing their health data, to have a regulated entity delete their health data, and specifies prohibitions regarding geofencing and data security.