July 21, 2012 San Diego, California — Today the World Privacy Forum filed comments on California’s plan to harmonize existing California state law to federal health privacy laws. California’s health privacy law, the CMIA, offers Californian’s stronger privacy protections than national level health privacy laws. WPF urges California to reconsider its plan to weaken Californian’s privacy. Executive director Pam Dixon said “The harmonization plan coming out of California’s Department of Health and Human Services is not in harmony with California patients and their health privacy.”
World Privacy Forum information and materials on medical identity theft.
Consumers can learn about Medical Identity Theft, what how to avoid it, and what actions to take if you are a victim.
In a rare enforcement action of HIPAA, HHS fined an Arizona health care provider $100,000 for a variety of HIPAA violations, especially regarding electronic exchanges of protected health information. The HHS document outlining the reasons for the fine should act as a wake-up call to health care providers using public email, calendaring, and other tools for communication of ePHI. HHS specifically noted that the fined health care provider did not conduct an adequate risk assessment prior to using the email and Internet tools. The full HHS document is a must-read for health care providers. WPF has been warning about the need for full e-risk assessments since 2005 and strongly advocates for medical-identity-theft-specific risk assessments.
Common Rule | Health Privacy — The World Privacy Forum filed extensive comments with the US Department of Health and Human Services about its proposed changes regarding the rules governing human subject medical research. In the comments, WPF noted that the HHS approach to privacy for research subjects was incomplete and did not use all Fair Information Practices. WPF strongly urged HHS to revise its proposal on a number of issues, including consent and the use of biospecimens in research. The World Privacy Forum is urging HHS to acknowledge that the realm of health data that is truly non-identifiable has shrunken remarkably, for example, biospecimens with DNA cannot be considered non-identifiable anymore. “In our comments, we are requesting that HHS give individuals the opportunity to make choices about the use of their own health data and specimens,” said Executive director Pam Dixon. WPF also stated in its comments that “A central database with identifiable information about participants in human subjects research is a terrible idea.” (See p. 21 of WPF comments.)