Health Privacy
About health privacy, World Privacy Forum key health privacy resources
The World Privacy Forum is extremely active in health privacy, with a long and successful track record of work in this area. We have done groundbreaking work in the area of medical identity theft, as well as substantive analysis and education on critical privacy aspects of health data such as medical research, genomics, and many other issues.
Some of our most frequently accessed health privacy resources include:
* A Patient’s Guide to HIPAA
* Medical Identity Theft Page (resources, reports, more)
* Health privacy tagged materials
* HIPAA tagged materials
* Electronic Health Records tagged materials
* Common Rule and Human Subject Research Protection tagged materials
* Genetic privacy tagged materials
We have many more publications and resources. For a full list of topics and publications, see our key issues page.
See below for health privacy news and content by date.
Consumer advisory | PHRs and privacy — The World Privacy Forum has issued a consumer advisory about the privacy of PHRs to help consumers understand and approach the complex privacy issues PHRs can raise. Consumers need to know that not all PHRs protect privacy in the same way, and some PHR systems can undermine consumer privacy in serious ways that consumers may not be expecting.
This report is a legal analysis of PHRs and what privacy issues are at stake in PHRs, especially PHRs that exist outside of HIPAA, the federal privacy rule.
Personal health records – or PHRs – are a relatively new phenomenon in health care today. As discussed here, a PHR is a health record about a consumer that includes data gathered from different sources (e.g., health care providers, insurers, the consumer, and third parties such as gyms and others) and is made accessible, often online, to the consumer and to those authorized by the consumer. Businesses large and small are moving to take advantage of the potentially lucrative new business model PHRs provide, especially as leveraged through the Internet. Some of the newest PHR players include large and well-known technology companies, but some health care providers, insurers, and employers also promote PHRs. There are dozens of different PHR vendors.
The HIPAA privacy rule provides a degree of privacy protection for covered health records. The rule has problems and gaps, but it does establish minimum national privacy standards for disclosure, access, correction, and other elements of fair information practices. State laws that provide additional privacy protections remain in effect and can provide additional legal protections for privacy.
Many people are aware that health information may be privileged, but few – including some physicians – fully understand what that means. The physician-patient privilege (and the sometimes separate psychotherapist-patient privilege) offers some protections for confidential communications between physician and patient.