Health Records

World Privacy Forum elected to HITSP board

HITSP — World Privacy Forum executive director Pam Dixon was elected to be the consumer representative on the HITSP board (Health Information Technology Standards Panel). HITSP is a national standards-setting body that is part of ANSI (The American National Standards Institute) and is working on specifications and standards for the National Health Information Network. The term will begin in January of 2009.

Public Comments: September 2008 – World Privacy Forum urges more attention to the protection of research study participants

Human Subjects Research Protection (OHRP) — The World Privacy Forum filed comments with the Office of Human Research Protection urging the office to do more to protect the privacy of people who are subjects of research. The comments urge the OHRP to focus more attention on providing privacy-specific training for boards overseeing research, which are often weak in knowledge about the breadth of privacy issues in research. The WPF also voiced its strong support for certificates of confidentiality for research involving human subjects, stating that “nearly all research that involves identifiable health data or other personal data about individuals should have a certificate of confidentiality unless a researcher can state a substantive reason why a certificate is not appropriate for the study.”

WPF Resource Page: Personal Health Records

PHRs have been promoted in recent years as being an empowering panacea of benefits for consumers, but there has been little meaningful discussion of the complex and serious privacy issues PHRs can raise. For example, very few consumers know that not all PHRs are protected by HIPAA, the federal privacy rule that applies to medical files held at, for example, hospitals.

Consumer Tips: The Potential Privacy Risks in Personal Health Records

In PHRs, important information about privacy procedures and policies is contained in the fine print, and the fine print really matters. That’s because some PHRs are covered under HIPAA privacy protections, but many PHRs are not covered under HIPAA privacy protections. Few consumers understand that their health care files are not always protected under HIPAA when their files are in a PHR.

Legal and Policy Analysis: Personal Health Records: Why Many PHRs Threaten Privacy

New publication | PHRs and privacy — The World Privacy Forum has published a new legal and policy analysis examining Personal Health Records — or PHRs — and the privacy issues associated with them. This analysis, Personal Health Records: Why Many PHRs Threaten Privacy, was prepared by Robert Gellman for the World Privacy Forum. The analysis finds that significant, serious threats to privacy exist in some PHRs.