Uncategorized

Public Comments: September 2006 Proposed Regulations on Identity Theft Red Flags and Address Discrepancies Under the Fair and Accurate Credit Transactions Act of 2003

Medical identity theft is both an information crime and a health crime. In this crime, a victim’s medical identity is stolen or appropriated in some way. Victims’ financial life may be impacted, and there may be other complicating factors. Medical identity theft occurs when someone uses a person’s name and sometimes other parts of their identity – such as a Social Security Number-- without the victim’s knowledge or consent to obtain medical services or goods, or when someone uses an individual’s identity to obtain money by falsifying claims for medical services and falsifying medical records to support those claims.

World Privacy Forum Comments on "Red Flag" Guidelines for Identity Theft, Requests Addition of Medical Identity Theft to Red Flag Rule

Identity theft | medical identity theft -- The World Privacy Forum filed comments with the Federal Trade Commission, the Treasury, and other federal agencies today regarding the joint draft rule on "Red Flags" for identity theft. In its comments, the World Privacy Forum requested that medical identity theft be added to several aspects and portions of the proposed rule. Adding medical identity theft to the rule is essential to help close gaps in protection for consumers and to encourage health care providers to attend to victims' challenges and needs regarding medical identity theft.

World Privacy Forum Announces Plans to File FTC Complaint About AOL Search Data Release

Internet privacy -- The World Privacy Forum announced today that it would be filing a complaint with the Federal Trade Commission about the posting by AOL of a portion of its users’ search data on the Internet. While the data was not expressly identified by name, the search queries themselves included in some cases personally identifiable information such as individuals’ names, Social Security Numbers, and myriad other personal information. The World Privacy Forum urges consumers to take precautions when using search engines.

World Privacy Forum Comments on Privacy Issues Relating to a Nationwide Genetic Research Project

Genetic privacy -- The collection of DNA material from 500,000 to 1,000,000 or more individuals as part of a large U.S. medical research project raises many challenging ethical, legal, and privacy issues. An advisory committee reporting to the Office of the Secretary of Health and Human Services ( the Secretary's Advisory Committee on Genetics, Health and Society) has published a detailed analysis of the issues such a project and its associated databases and biobanks would raise in a draft report. The committee's final report and policy recommendations will be submitted to the Secretary of HHS. The World Privacy Forum has submitted public comments on the draft; the comments include key policy recommendations. The Forum's recommendations include the need to provide protection from compelled disclosure of information, the necessity for a full-time project privacy officer with enforcement power, the need to address identifiability issues, and the need for a far-reaching and robust privacy policy that exceeds the requirements of HIPAA, among other recommendations.

Public Comments: July 2006 - WPF comments on draft report "Policy Issues Associated with Undertaking a Large U.S. Population Cohort Project on Genes, Environment, and Disease.

The collection of DNA material from 500,000 to 1,000,000 or more individuals as part of a large U.S. medical research project raises many challenging ethical, legal, and privacy issues. An advisory committee reporting to the Office of the Secretary of Health and Human Services ( the Secretary's Advisory Committee on Genetics, Health and Society) has published a detailed analysis of the issues such a project would raise in a draft report. The committee's final report and policy recommendations will be submitted to the Secretary of HHS. The World Privacy Forum has submitted public comments on the draft report; the comments include key policy recommendations. The Forum's recommendations include the need to provide protection from compelled disclosure of information, the necessity for a full-time project privacy officer with enforcement power, and the need for a far-reaching and robust privacy policy that exceeds the requirements of HIPAA, among other recommendations.

Step-by-step FAQ for victims of medical identity theft

Medical records privacy and how-to -- Following its report on medical identity theft, the World Privacy Forum has responded to the need for specialized advice for victims of medical identity theft. The Access, Amendment, and Accounting of Disclosures: FAQs for Medical ID Theft Victims is the first resource of its kind, and is intended to help victims navigate the complicated process of correcting medical files and recovering from the unique harms of medical identity theft. The FAQ includes sample letters to use, as well as step-by-step advice on how to get a copy of health records, ask for changes to health records from healthcare providers, and ask for a history of disclosures of health records.

World Privacy Forum comments on Medicaid Program and State Children's Health Insurance Program Systems Notice; requests changes

Agency comments / Medical privacy -- The World Privacy Forum submitted comments to the Centers for Medicare & Medicaid Services requesting that it amend a Systems of Records Notice to address an oversight and address other privacy issues. The Forum requested that CMS add a reference in the system notice to Executive Order 13181 of December 20, 2000, “To Protect the Privacy of Protected Health Information in Oversight Investigations.” The Forum also requested that the routine uses be revised to reflect the HIPAA requirements as appropriate when the disclosures involve HIPAA records.

Medical Identity Theft: Part I - Summary

THE DANGEROUS IMPACT OF MEDICAL IDENTITY THEFT MEDICAL IDENTITY THEFT, THE CRIME THAT HAS HIDDEN ITSELF ALL TOO WELL THE VICTIMS’ PERSPECTIVE: LACK OF RECOURSE, LACK OF RIGHTS, AND LACK OF HELP ELECTRONIC RECORDS, HEALTH NETWORKS, AND THE CHALLENGES MEDICAL IDENTITY THEFT BRINGS TO BOTH MEDICAL IDENTITY THEFT VICTIMS ARE FALLING THROUGH GAPS BACKGROUND OF THIS REPORT FINDINGS RECOMMENDATIONS

Medical Identity Theft: Discussion - Definition of Medical Identity Theft

Medical identity theft occurs when someone uses a person’s name and sometimes other parts of their identity – such as insurance information or Social Security Number-- without the victim’s knowledge or consent to obtain medical services or goods, or when someone uses the person’s identity to obtain money by falsifying claims for medical services and falsifying medical records to support those claims.

World Privacy Forum Files Comments About Proposed Changes to HIPAA

Medical privacy | HIPAA -- Five groups joined the World Privacy Forum in asking for changes to be made to a proposed rule on how medical healthcare claims attachments are handled electronically. The World Privacy Forum and the EFF, EPIC, Privacy Rights Clearinghouse, Privacy Activism and U.S. Public Interest Research Group (U.S. PIRG) asked that physicians be given more control over what parts of health records they send electronically to insurance companies, that psychotherapy notes not be included when sending health records for insurance payment, and that the HIPAA Privacy Rule be rigorously applied to scanned health records.

FTC to Conduct New Identity Theft Survey; World Privacy Forum Submits Comments

Identity theft -- The World Privacy Forum submitted comments in response to the Federal Trade Commission's request for feedback on its upcoming identity theft survey. The FTC identity theft survey is one of the most quoted surveys on the subject. The World Privacy Forum requested changes and clarifications to the survey, including adding questions about security breach notices and clarifying existing questions about medical identity theft, among other issues.

World Privacy Forum Comments to HHS on Protecting Patient Choice and Expanding Medical Privacy Rights

Medical privacy -- The World Privacy Forum filed comments with Health and Human Services this week asking the agency to protect patient choice and privacy. The World Privacy Forum asked that patients continue to be able to receive accounting of disclosures under HIPAA, and asked that this important patient right under HIPAA not be removed or weakened. The World Privacy Forum also asked HHS to review how patients' records can be amended under HIPAA, and recommended that in light of the coming National Health Information Network, that changes to enhance patient choice may be needed in this area.

World Privacy Forum Testifies on Electronic Health Records and Privacy

Medical privacy -- The World Privacy Forum testified before the National Committee on Vital Health Statistics in August regarding the importance of patient choice in the area of Electronic Health Records. The testimony stressed the importance of building security, patient privacy, and choice into EHRs and any form of the proposed National Health Information Network (NHIN).

Testimony of Pam Dixon, before the National Committee on Vital and Health Statistics (NCVHS) Subcommittee on Privacy and Confidentiality

The World Privacy Forum has been particularly interested in developments related to EHRs and the NHIN. Given the impetus of the 2004 Executive Order [1] mandating forward movement in these areas, and the broad impact digitized medical records will potentially have on patients and on the healthcare sector, the World Privacy Forum believes that the decisions this Committee and others shaping these efforts arrive at will be of lasting importance. Given the transition of many parts of our society from analog to digital, it is crucial to ask what this digitization will look like and to carefully examine and discuss what form EHRs and related systems should take in regards to patient choice, privacy, and security.

HIPAA News and National Health Information Network News

Medical privacy -- In HIPAA news, the Department of Justice has released a new ruling regarding HIPAA. The opinion is available here (PDF). Also, the HHS report summarizing the 500 + comments on the RFI for the National Health Information Network has been posted. The HHS report is available here. The World Privacy Forum and the Electronic Frontier Foundation submitted joint comments for the NHIN RFI, those comments are available here (PDF).

Updated Consumer tips for retrieving your federally mandated free credit report

Financial and Internet privacy -- Before you call, click, or mail away for your federally mandated free credit report, read these tips to help you avoid potential problems. This consumer tip sheet includes graphics to show you what problematic "fake" free credit sites look like, and includes consumer-tested tips for safely receiving your free reports. The tip sheet also includes resources with information, phone numbers, and addresses for ordering your report.

New CSS rules

"Strong" and "em" and "cite" and "code" already have rules written for the ID called "center". p — By calling the toll free number em — instead of visiting the online site, strong — consumers are also protected cite — from the potentially confusing samp — sales and marketing information ...

WPF and EFF Submit Comments on the National Health Information Network

Medical Privacy | Infrastructure & Databases -- The World Privacy Forum and the Electronic Frontier Foundation have submitted official comments in response to the U.S. government's "Request for Information" about its plan to digitize all patient medical records and create an electronic "National Health Information Network" or NHIN. The comments urge caution in designing the NHIN and call for the government to build privacy, security, and open source technologies into the system from the beginning of the project.