Health Records

WPF to speak before the State House of Mongolia for its National Consultation on e-Health, and before the Human Rights Commission of Mongolia

5 April 2024, Paris, France — World Privacy Forum Executive Director Pam Dixon has been invited to speak at the State House of Mongolia for the Government of Mongolia’s National Consultation on e-Health. She will be speaking twice at this event; first, on the topic of Artificial Intelligence in Healthcare and second, on Big Data in e-Health.  She will be presenting later in the week on AI governance and Privacy before the Ministry of Digital Development and Communications, and on the topic of AI Governance Tools before the National Human Rights Commission of Mongolia. All speeches will take place in Ulaanbaatar, Mongolia.

WPF advises HHS on confidentiality of patient records re: alcohol and drug treatment records

The World Privacy Forum (WPF) submitted comments on an important Notice of Proposed Rulemaking that proposes modifications of the protection requirements for substance use disorder (SUD) treatment records. Currently, health records regarding treatment for Substance Use Disorders receive special protections under what is called Part 2 regulations , or, 42 ...

How New Procedural Controls Using the Privacy Act of 1974 Can Improve the Protections of Reproductive Health Information Held by Federal Agencies

September 2022 By Robert Gellman and Pam Dixon Download this Report Executive Summary This report suggests specific procedural and substantive ways that the Executive Branch can revise implementation of the Privacy Act of 1974 to restrict and more carefully administer some disclosures of reproductive health information by federal agencies to ...

WPF urges HHS to clarify the harms of medical identity theft for victims

WPF has urged HHS to clarify the intersection between HIPAA compliance and harms resulting from medical identity theft in its response to the Request for Information from the Office of Civil Rights of the Department of Health and Human Services regarding implementation of the HITECH Act. WPF has a long history of work on the issue of medical identity theft, which has informed its response to HHS.

WPF urges HHS National Vaccine Advisory Committee to extend privacy protections of vaccination information

In public testimony September 15, 2021, WPF's Executive Director urged the Department of Health and Human Services National Vaccine Advisory Committee Committee to establish broadened protections for covid-19 vaccination data, including extending the existing CDC Guidance (from May 2021) prohibiting commercial marketing use of vaccination registration information or other vaccination ...

WPF supports CDC guidance prohibiting use of vaccine recipients' data for commercial marketing purposes, urges that protections are extended to proof of vaccination systems

WPF's Executive Director spoke today before the US Center For Disease Control's ACIP Committee regarding privacy protections for vaccine recipients' data. WPF supported the CDC’s prohibition on the use of vaccine recipient data for commercial marketing purposes. The CDC’s Vaccination Program Provider Requirement s , published in May 18, 2021, ...

World Health Organization updates its data sharing principles; WPF participant in external expert advisory group

This summer, the World Privacy Forum served as a member of the World Health Organization’s External Expert Group on Data Principles . We are pleased to announce that WHO has now published its updated data principles and data sharing policy, as of October 2020. While there are additional items that ...

April 15, 2020 WPF Statement on the COVID-19 Community Based Testing Sites HIPAA Waiver

In response to the COVID-19 (coronavirus) pandemic, the U.S. Department of Health and Human Services announced a HIPAA waiver April 9, 2020 regarding Community Based Testing Sites, which waives enforcement of all HIPAA privacy and security protections and data breach rules from some health care activities affecting COVID-19 testing.  This statement from WPF includes the following information:   -What are the changes the Community Based Testing Sites HIPAA waiver creates?  -What are the privacy concerns?  -WPF recommendations to correct the privacy problems in the Community Based Testing Sites HIPAA waiver   -Background on HIPAA waivers and a list of all current waivers in force

April 6, 2020 WPF Statement on COVID-19 Business Associate HIPAA Waiver

In response to the COVID-19 (coronavirus) pandemic, the U.S. Department of Health and Human Services announced a HIPAA waiver April 2, 2020 regarding Business Associates. The April 2 waiver is consequential and poses significant privacy challenges. This statement from WPF includes the following information:   -What are the changes to HIPAA the April 2 waiver creates?  -What are the privacy concerns?  -WPF recommendations to correct the problems in the April 2, 2020 waiver  

WPF to testify before NCVHS on emerging privacy concerns in health privacy — Beyond Digitization: Artificial Intelligence, APIs, and health privacy

WPF Executive Director Pam Dixon will testify before the full committee of the National Committee on Vital and Health Statistics (NCVHS) regarding emerging privacy concerns in the healthcare environment, including the role of artificial intelligence, patient authorizations, and automated access to patient health information. The NCVHS is the statutory [42 ...

WPF responds to HHS and urges it to keep privacy protections in HIPAA strong

WPF has written to the US Department of Health and Human Services advising them on their Request for Information (RFI) about possible changes to HIPAA privacy and security protections. The RFI has a number of suggestions that, should they become part of a formal proposal, would significantly weaken HIPAA privacy protections.

Health Industry Cybersecurity Practices: New consensus practices and tools from HHS

The US Department of Health and Human Services (HHS) has produced a set of cybersecurity resources for healthcare provider organizations from small to large. So far, HHS has published four documents: an overview report of cybersecurity issues and practices, two technical volumes, and a toolkit. The documents focus on what an expert multistakeholder consensus group determined to be the five most prevalent cybersecurity threats and the ten core cybersecurity practices. The practices are voluntary, and utilize the NIST cybersecurity framework. The documentation is based in reality, not conjecture, and the documents are not intended to sell any particular products for any particular vendor. This has allowed for a rich and helpful documentation of current challenges along with solutions. See our overview of the four new resources.

The New Healthcare Fraud Continuum: Keynote

This coming Thursday, WPF Executive Director Pam Dixon will give a keynote speech on health privacy and security, "The New Healthcare Fraud Continuum." Based on her latest research in health privacy, this talk will be Dixon's first talk about the new fraud continuum, what it is, how it operates, what ...

WPF files comments on US government proposal on confidentiality of drug/alcohol patient records, urges revisions

The World Privacy Forum commented on an important proposal to make changes to the existing rules regarding the confidentiality of alcohol and drug abuse patient records. The proposal is from the Substance Abuse and Mental Health Services Administration (SAMHSA), part of the US Department of Health and Human Services. These ...

(Updated) Urgent for California Parents: Detailed student SSNs, medical information to be released by a court

Update for March 3, 2016: This week a judge has ordered that the approximately 10 million records of California students held by the California Department of Education will not be turned entirely over to a group of community nonprofits in the Morgan Hill case. Instead, the judge ordered that several ...

WPF files comments on new FERPA student health privacy guidance

The World Privacy Forum filed comments to the US Department of Education regarding its student health privacy guidance published August 18, 2015. The World Privacy Forum supports the DoE guidance, which clarifies how universities and colleges are to handle sensitive student medical records in cases of non-medical litigation. The guidance ...

Video: Healthy Cities Project in China -- 20 million health records in the cloud (CES 2015, interview)

The Healthy Cities Project in China is one where mobile devices, mobile health mini-hubs, and sensors are the key way that patients, doctors, government, and enterprises can input, monitor, and access vital health statistics and other information in the cloud. Twenty million people already use this system. Healthy Cities is important for study, because it is a fully established infrastructure in those cities in China where it has been deployed. In the US, the Healthy Cities project is being studied by academics to see how it could be replicated in the US marketplace.

Student Privacy 101: Health Privacy in Schools --What law applies?

Schools increasingly provide students with more health services. Health clinics, counselors on site, administration of drugs, and vaccinations are among the types of healthcare offered on school campuses ranging from kindergarten through graduate school. Given that schools may have sensitive health information, what law covers health record privacy for school records? The answer is important. It is also messy, because two laws can apply to this information. In some cases, no privacy law applies to the health records.

Some Californians receive emails from health insurer with personal details exposed: potential CalINDEX implications?

This week the New York Times reported that some California members of health insurer Anthem Blue Cross received disturbing emails with exposed subject lines related to their sensitive medical information. From the article: " But the emails’ subject lines included member-specific demographic details like age range and language. They also ...