WPF is pleased to announce that Executive Director Pam Dixon's paper on the topic of collective privacy was selected for inclusion at the Privacy Law Scholars Conference from a large and highly competitive field. The paper is now available at the PLSC website as a confidential download for conference attendees. ...
The World Privacy Forum filed detailed comments regarding draft guidance on privacy and medical research to the U.S. Department of Health and Human Services and the U.S. Food and Drug Administration. The proposed guidance, Facilitating Understanding in Informed Consent, is related to consent for human subject research (medical research) and is particularly important. Currently, models of consent are in the process of going digital, which has created a number of challenging problems to solve. In the comments, WPF had several recommendations to improve consent and privacy.
WPF submitted comments to the National Institute of Standards and Technology regarding its Draft Guidelines for Evaluating Differential Privacy Guarantees . The comments approach the NIST Draft Guidance from a policy perspective, and urged changes to some parts of the definitional language in the Draft Guidance. Key areas of the ...
This statement was delivered orally to the FTC in its Open Commission Meeting, held on 18 January 2024.
The World Privacy Forum filed comments regarding the US Federal Trade Commission’s 2023 Notice of Proposed Rulemaking regarding Health Breach Notification. This marks the second set of comments WPF has filed, our first being in 2009 regarding the first iteration of the Health Breach Rule. The comments are technical, and ...
WPF provided detailed comments to the US Department of Health and Human Services regarding its proposal for changes to HIPAA regarding modifications to the Privacy Rule. Specifically, HHS proposed modifications to standards for the privacy of individually identifiable health information. WPF supports many of the changes proposed in the NPRM.
Earlier this month, WPF attended a joint conference focused on the shifting dynamics of how the Common Rule that governs human subject research in the US will be interpreted amidst new technological shifts such as AI. The department of Health and Human Services is seeking to define what the next steps and new policy frameworks should be to ensure the Common Rule protects individuals in current and future research environments. Details on the presentations, conversations, and key takeaways in the post.
The FTC announced its first enforcement action under its Health Breach Notification Rule . This rule applies to entities that are not covered under HIPAA. The announcement of the proposed order was filed by the U.S. Department of Justice on behalf of the FTC against the " ...telehealth and prescription ...
The World Privacy Forum (WPF) submitted comments on an important Notice of Proposed Rulemaking that proposes modifications of the protection requirements for substance use disorder (SUD) treatment records. Currently, health records regarding treatment for Substance Use Disorders receive special protections under what is called Part 2 regulations , or, 42 ...
Thank you Chair and Commissioners. The profusion of health apps, websites and digital tools that provide consumers with assistance and insights about their health is a positive development. However, it has come at the cost of increasing privacy risks. One of these risks is that consumers are confused about when and where federal health privacy protections apply to their health information.
WPF recently reviewed and provided recommendations regarding a proposed AI Framework meant to apply to medical research involving human subjects. The issue of human subject research is a critically important one. In the US, The Common Rule (45 CFR subpart A) is a key regulation that protects people from unethical medical research. As research utilizing tools such as AI and SaMD -- software as a medical device -- grows in use, there is an urgent need to determine the proper ethical, legal, and regulatory framework for the use of these tools in the human subject research context. For this reason, WPF was pleased to review and provide recommendations to the Secretary's Advisory Committee on Human Research Protections, SACHRP, on its proposed AI Framework.
One of the most common questions we receive is: what does HIPAA compliant mean? Well.. If a company or entity or health app is not covered by HIPAA, it may still say that it is “HIPAA compliant.” HIPAA compliant does not mean the same thing as being a HIPAA- covered ...
The U.S. Occupational Safety and Health Administration (OSHA) has published its proposal regarding how employee vaccination information will be treated by employers. WPF's analysis has found a meaningful loophole in privacy protections, and has proposed a remedy to OSHA.
In public testimony September 15, 2021, WPF's Executive Director urged the Department of Health and Human Services National Vaccine Advisory Committee Committee to establish broadened protections for covid-19 vaccination data, including extending the existing CDC Guidance (from May 2021) prohibiting commercial marketing use of vaccination registration information or other vaccination ...
WPF's Executive Director spoke today before the US Center For Disease Control's ACIP Committee regarding privacy protections for vaccine recipients' data. WPF supported the CDC’s prohibition on the use of vaccine recipient data for commercial marketing purposes. The CDC’s Vaccination Program Provider Requirement s , published in May 18, 2021, ...
On August 4, 2021, WPF participated as a member of the Civil20 - G20 Global Dialogue on Health. The dialogue was moderated by C20 Global Health co-chair Rachel Ong, with concluding comments by co-chair Kurt Frieder. Davide La Cecilia, Diplomatic adviser to the Italian Minister for Health and former Ambassador ...
The FTC held an historic open FTC Commission meeting, during which the Chair and Commissioners conducted their business openly and also provided an opportunity for public comments. The World Privacy Forum was selected to provide a public comment, which focused on the need to update the Health Breach Notification Rule.
WPF filed comments today with the Department of Health and Human Services regarding an important Notice of Proposed Rulemaking that, if adopted, will bring substantial changes to patients' electronic health records and how they are managed, among other issues. In general, we found much to support in the NPRM. However, ...
The World Privacy Forum participated in the C20 Civil Society Consultation on Sustainable Health Security Preparedness 20 April, 2021, part of the preparatory work for the G20 health-related declaration. (Rome Declaration.) In our attached statement to the C20 / G20, we outline three key requirements to allow safe and sustainable health data ecosystem knowledge utilization, including privacy and effective data governance, interoperability, and robust inclusion of LMICs and vulnerable or marginalized populations in standards development.
The World Privacy Forum has submitted comments to the FTC regarding its proposed consent order In the Matter of Flo Health, Inc. requesting that the FTC conduct further analysis regarding the FTC Health Data Breach Rule and its potential applicability to the alleged unconsented sharing of women's pregnancy, menstruation, mental ...
The European Commission has proposed the creation of a new European Health Emergency Preparedness and Response Authority, HERA. WPF provided comments regarding the proposal, urging the Commission to ensure from the outset that HERA will fulfill its mission with a focus on data interoperability and will include specific data governance ...
This summer, the World Privacy Forum served as a member of the World Health Organization’s External Expert Group on Data Principles . We are pleased to announce that WHO has now published its updated data principles and data sharing policy, as of October 2020. While there are additional items that ...
The COVID-19 pandemic strained the U.S. health ecosystem in numerous ways, including putting pressure on the HIPAA privacy and security rules. The Department of Health and Human Services adjusted the privacy and security rules for the pandemic through the use of statutory and administrative HIPAA waivers. While some of the adjustments are appropriate for the emergency circumstances, there are also some meaningful and potentially unwelcome privacy and security consequences. At an appropriate time, the use of HIPAA waivers as a response to health care emergencies needs a thorough review. This report sets out the facts, identifies the issues, and proposes a roadmap for change.
WPF Executive Director Pam Dixon will be presenting at an OECD and Global Privacy Assembly workshop on the risks, challenges, and potential solutions regarding the intersection of COVID-19 and the uses of identity in a global public health crisis. Event details: COVID-19 and privacy virtual Workshop on “The road to ...
The Department of Health and Human services has announced major changes for hospitals' COVID-19 data reporting processes. HHS has also made changes to the types of data that hospitals must report, expanding the data collection. This includes new information requests for disaggregated information about adult and pediatric patients, to name a few of the changes. The reporting requirements do contain patient flows, but there are still unknown aspects to the new COVID-19 reporting requirements regarding individual-level data and certain privacy considerations.
