Archived WPF Privacy Policy 2007- 2009

This privacy policy applies to the World Privacy Forum web site, www.worldprivacyforum.org. This privacy policy may change from time to time in response to new laws, to changes made to the web site, or otherwise. The World Privacy Forum reserves the right to make changes to the policy, but does not anticipate making major adjustments to the approach outlined here.

Public Comments: June 2007 – FDA/AHRQ Public Workshop, Implementation of Risk Minimization Action Plans to Support Quality Use of Pharmaceuticals: Opportunities and Challenges

The FDA has not paid attention to privacy standards that should be applied to RiskMAP programs. Unfortunately, this lack of FDA attention has resulted in inappropriate and unethical marketing to patients using patient information gathered for treatment purposes. If these marketing activities were being conducted by HIPAA-covered entities, the activities would be illegal. These activities may well be illegal in California, which has a strong state-level medical privacy law that goes beyond HIPAA.

How to place a security freeze (credit freeze)

Security freeze | identity theft | financial privacy — A credit freeze (sometimes called a security freeze) lets you stop the disclosure of your credit report by a credit bureau. A credit freeze can be especially helpful to individuals who are having persistent problems with identity theft. If you live in a state with a security freeze law, then you may be able to place a security freeze on your files. This World Privacy Forum resource gives general background on security freezes, lists the states with security freeze laws, and links to more information for each state.

The FDA needs to set privacy standards to protect patients in drug risk programs

FDA privacy standards – RiskMAPs – World Privacy Forum executive director Pam Dixon testified at an FDA/AHRQ joint public workshop about the need for the FDA to set robust privacy standards for drug risk minimization programs, which are put in place for drugs the FDA has determined to be high risk in some way. Drug risk minimization programs (like the iPledge program for the acne drug Accutane) are not typically covered by HIPAA, and some programs have a privacy policy that allows marketing use of patient information collected as part of the risk program. This kind of marketing activity would not be allowable if the programs fell under HIPAA, and Dixon’s testimony stated that patients in these programs should have the same kinds of privacy protections as HIPAA covered programs, and that marketing activities involving patient information should not be allowable in these programs.