Personal Health Records: PHRs and Privacy Policies

Report home | Read the report (PDF) | Previous section | Next section

For a non-HIPAA covered PHR, the privacy policy becomes a key document, if it is available. The privacy policy of a PHR vendor may tell consumers how the vendor plans to use personal information. It is possible that a commercial or advertising-supported PHR will do a good job of protecting its clients from uninformed or casual disclosures of personal or health information. It is also possible that a cautious client will not be able to evaluate a PHR vendor’s policy or practice.

Privacy policies and terms of service may, if read carefully, reveal something about the bona fides of the PHR vendor. Here are a few questions to consider.

• Does the PHR vendor disclaim all liability for the availability or accuracy of information?

• Does the policy say that the user must pay the PHR’s expenses in case of a lawsuit arising from use of the service?

• Is a user’s ability to recover damages limited or excluded in case of harm?

• Does the PHR collect personal information about consumers from other sources (e.g., data brokers)?

• Does the PHR say that it has no control over the use of personal third-party advertising networks?

• Are a consumer’s searches stored over time so that the PHR vendor has a search use profile that can be used or shared?

• Does the website reveal when someone else paid the PHR vendor to display information? Are paid links identified?

• What happens to personal information if a user stops using the service? • Is the user’s information completely deleted upon request?

• Can the PHR vendor transfer identifiable information to another country where there are no privacy or security protections?

• Can the vendor transfer information to another company without express permission?

• How many separate privacy policies and terms of service apply to the PHR vendor, and how do they overlap?

• How long are these policies?

• Are the policies comprehensible to anyone other than a lawyer?

• Does the PHR vendor clearly state its relationship to HIPAA? If so, does the vendor say that it is “covered under HIPAA”? That statement is much more meaningful than if the PHR vendor says that it is “compliant with HIPAA.” The term HIPAA-compliant is sometimes used by PHR companies that are not covered by HIPAA. This term can be confusing to consumers who do not clearly understand the difference between HIPAA-covered and HIPAA compliant.

One thing likely to appear in every PHR vendor’s privacy policy is the vendor’s right to change the policy. PHR vendors are likely to reserve the right to change the policy at any time, without notice, and without the user’s ability to object. What that means is that even if a PHR vendor has a current set of policies that protect privacy, the vendor can change those policies at will and with retroactive effect on previously collected information. If a PHR vendor finds that it is not making a profit, it can amend its rules about sharing information with marketers and try to increase its revenues. It is unlikely that PHR users will have the right to consent before a commercial PHR system changes its privacy policy. As the PHR industry consolidates, there could be a race to the bottom because the vendors who share information more broadly have the best chance to survive.

Roadmap: Personal Health Records – Why Many PHRs Threaten Privacy: II. Discussion – PHRs and Privacy Policies

Report home | Read the report (PDF) | Previous section | Next section

Posted February 20, 2008 in Health Privacy, Health Records, HIPAA, Personal Health Record (PHR), Report: Personal Health Records - Why Many PHRs Threaten Privacy, Uncategorized

New Report: Risky Analysis: Assessing and Improving AI Governance Tools

We are pleased to announce the publication of a new WPF report, “Risky Analysis: Assessing and Improving AI Governance Tools.” This report sets out a definition of AI governance tools, documents why and how these tools are critically important for trustworthy AI, and where these tools are around the world. The report also documents problems in some AI governance tools themselves, and suggests pathways to improve AI governance tools and create an evaluative environment to measure their effectiveness. AI systems should not be deployed without simultaneously evaluating the potential adverse impacts of such systems and mitigating their risks, and most of the world agrees about the need to take precautions against the threats posed. The specific tools and techniques that exist to evaluate and measure AI systems for their inclusiveness, fairness, explainability, privacy, safety and other trustworthiness issues — called in the report collectively AI governance tools – can improve such issues. While some AI governance tools provide reassurance to the public and to regulators, the tools too often lack meaningful oversight and quality assessments. Incomplete or ineffective AI governance tools can create a false sense of confidence, cause unintended problems, and generally undermine the promise of AI systems. The report contains rich background details, use cases, potential solutions to the problems discussed in the report, and a global index of AI Governance Tools.
National IDs Around the World — Interactive map

About this Data Visualization: This interactive map displays the presence...
Report: From the Filing Cabinet to the Cloud: Updating the Privacy Act of 1974

This comprehensive report and proposed bill text is focused on the Privacy Act of 1974, an important and early Federal privacy law that applies to the government sector and some contractors. The Privacy Act was written for the 1970s information era -- an era that was characterized by the use of mainframe computers and filing cabinets. Today's digital information era looks much different than the '70s: smart phones are smarter than the old mainframes, and documents are now routinely digitized and stored and perhaps even analyzed in the cloud, among many other changes. The report focuses on why the Privacy Act needs an update that will bring it into this century, and how that could look and work. This work was written by Robert Gellman, and informed by a two-year multi-stakeholder process.