HIPAA

WPF comments to NIST regarding its differential privacy guidance

WPF submitted comments to the National Institute of Standards and Technology regarding its Draft Guidelines for Evaluating Differential Privacy Guarantees. The comments approach the NIST Draft Guidance from a policy perspective, and urged changes to some parts of the definitional language in the Draft Guidance. Key areas of the comments include: A discussion of the

WPF advises HHS regarding proposed changes to standards for privacy under HIPAA

WPF provided detailed comments to the US Department of Health and Human Services regarding its proposal for changes to HIPAA regarding modifications to the Privacy Rule. Specifically, HHS proposed modifications to standards for the privacy of individually identifiable health information. WPF supports many of the changes proposed in the NPRM.

Emerging Technologies, Human Subject Research, and the Common Rule: High level overview of the 2023 OHRP Research Community Forum

Earlier this month, WPF attended a joint conference focused on the shifting dynamics of how the Common Rule that governs human subject research in the US will be interpreted amidst new technological shifts such as AI. The department of Health and Human Services is seeking to define what the next steps and new policy frameworks should be to ensure the Common Rule protects individuals in current and future research environments. Details on the presentations, conversations, and key takeaways in the post.

FTC takes first enforcement action under its Health Breach Notification Rule; also takes action against misrepresentation of HIPAA compliance

The FTC announced its first enforcement action under its Health Breach Notification Rule. This rule applies to entities that are not covered under HIPAA. The announcement of the proposed order was filed by the U.S. Department of Justice on behalf of the FTC against the “…telehealth and prescription drug discount provider GoodRx Holdings, Inc. for