Health Privacy

About health privacy, World Privacy Forum key health privacy resources

The World Privacy Forum is extremely active in health privacy, with a long and successful track record of work in this area. We have done groundbreaking work in the area of medical identity theft, as well as substantive analysis and education on critical privacy aspects of health data such as medical research, genomics, and many other issues.

Some of our most frequently accessed health privacy resources include:

* A Patient’s Guide to HIPAA

* Medical Identity Theft Page (resources, reports, more)

* Health privacy tagged materials

* HIPAA tagged materials

* Electronic Health Records tagged materials

* Common Rule and Human Subject Research Protection tagged materials

* Genetic privacy tagged materials

We have many more publications and resources. For a full list of topics and publications, see our key issues page.

See below for health privacy news and content by date.

Aug 31 2022

WPF advises Secretary’s Advisory Committee on Human Research Protection regarding its proposed AI Framework

WPF recently reviewed and provided recommendations regarding a proposed AI Framework meant to apply to medical research involving human subjects. The issue of human subject research is a critically important one. In the US, The Common Rule (45 CFR subpart A) is a key regulation that protects people from unethical medical research. As research utilizing tools such as AI and SaMD — software as a medical device — grows in use, there is an urgent need to determine the proper ethical, legal, and regulatory framework for the use of these tools in the human subject research context. For this reason, WPF was pleased to review and provide recommendations to the Secretary’s Advisory Committee on Human Research Protections, SACHRP, on its proposed AI Framework.

May 18 2022

HIPAA Compliant, or HIPAA Covered?

One of the most common questions we receive is: what does HIPAA compliant mean? Well.. If a company or entity or health app is not covered by HIPAA, it may still say that it is “HIPAA compliant.” HIPAA compliant does not mean the same thing as being a HIPAA- covered entity. If you see the

Dec 07 2021

WPF advises OSHA re: employee vaccination information

The U.S. Occupational Safety and Health Administration (OSHA) has published its proposal regarding how employee vaccination information will be treated by employers. WPF’s analysis has found a meaningful loophole in privacy protections, and has proposed a remedy to OSHA.

Sep 15 2021

WPF urges HHS National Vaccine Advisory Committee to extend privacy protections of vaccination information

In public testimony September 15, 2021, WPF’s Executive Director urged the Department of Health and Human Services National Vaccine Advisory Committee Committee to establish broadened protections for covid-19 vaccination data, including extending the existing CDC Guidance (from May 2021) prohibiting commercial marketing use of vaccination registration information or other vaccination data. The intersection between HIPAA privacy regulations

Aug 13 2021

WPF supports CDC guidance prohibiting use of vaccine recipients’ data for commercial marketing purposes, urges that protections are extended to proof of vaccination systems

WPF’s Executive Director spoke today before the US Center For Disease Control’s ACIP Committee regarding privacy protections for vaccine recipients’ data. WPF supported the CDC’s prohibition on the use of vaccine recipient data for commercial marketing purposes. The CDC’s Vaccination Program Provider Requirements, published in May 18, 2021, specifically prohibits the commercial marketing use of

Global Visualization of Countries with Data Privacy Laws, Treaties, or Conventions

Background and Methodology: The conceptualization and initial research for this...
New Report: Risky Analysis: Assessing and Improving AI Governance Tools

We are pleased to announce the publication of a new WPF report, “Risky Analysis: Assessing and Improving AI Governance Tools.” This report sets out a definition of AI governance tools, documents why and how these tools are critically important for trustworthy AI, and where these tools are around the world. The report also documents problems in some AI governance tools themselves, and suggests pathways to improve AI governance tools and create an evaluative environment to measure their effectiveness. AI systems should not be deployed without simultaneously evaluating the potential adverse impacts of such systems and mitigating their risks, and most of the world agrees about the need to take precautions against the threats posed. The specific tools and techniques that exist to evaluate and measure AI systems for their inclusiveness, fairness, explainability, privacy, safety and other trustworthiness issues — called in the report collectively AI governance tools – can improve such issues. While some AI governance tools provide reassurance to the public and to regulators, the tools too often lack meaningful oversight and quality assessments. Incomplete or ineffective AI governance tools can create a false sense of confidence, cause unintended problems, and generally undermine the promise of AI systems. The report contains rich background details, use cases, potential solutions to the problems discussed in the report, and a global index of AI Governance Tools.
National IDs Around the World — Interactive map

About this Data Visualization: This interactive map displays the presence...