WPF urges HHS to clarify the harms of medical identity theft for victims

WPF has urged HHS to clarify the intersection between HIPAA compliance and harms resulting from medical identity theft in its response to the Request for Information from the Office of Civil Rights of the Department of Health and Human Services regarding implementation of the HITECH Act. WPF has a long history of work regarding this form of identity fraud.

Beginning in 2005, WPF coined the term medical identity theft in testimony before the National Committee on Vital and Health Statistics, and then in 2006, WPF wrote the first report about the issue, following it up with FAQs for victims, and eventually, a methodology for resolving errors introduced into electronic health records as a result of the crime. After now 17 years of work, the crime is now well-documented and is no longer a novel threat. Many of the problems associated with the crime have been ameliorated. Nevertheless, the crime still exists, and victims still suffer a range of harms that can be quite significant, both medically and financially. WPF has urged HHS to do more to clarify various aspects of all stages of the lifecycle of the crime so that questions regarding whether or not HIPAA compliance was a factor can be addressed more clearly.

Another issue WPF addressed with HHS is the potential for conflict of interest regarding implementation of redress to individuals who have been harmed by HIPAA non-compliance. WPF suggested procedural and administrative controls as a way to work around complex issues regarding adjudication of monetary pay-outs for harms resulting from HIPAA non-compliance.

Read the Comments:

Considerations for Implementing the Health Information Technology for Economic and Clinical Health (HITECH) Act (PDF, 6 pages)

Posted June 3, 2022 in Health Records, HIPAA, Medical Identity Theft, U.S. Department of Health and Human Services

New Report: Risky Analysis: Assessing and Improving AI Governance Tools

We are pleased to announce the publication of a new WPF report, “Risky Analysis: Assessing and Improving AI Governance Tools.” This report sets out a definition of AI governance tools, documents why and how these tools are critically important for trustworthy AI, and where these tools are around the world. The report also documents problems in some AI governance tools themselves, and suggests pathways to improve AI governance tools and create an evaluative environment to measure their effectiveness. AI systems should not be deployed without simultaneously evaluating the potential adverse impacts of such systems and mitigating their risks, and most of the world agrees about the need to take precautions against the threats posed. The specific tools and techniques that exist to evaluate and measure AI systems for their inclusiveness, fairness, explainability, privacy, safety and other trustworthiness issues — called in the report collectively AI governance tools – can improve such issues. While some AI governance tools provide reassurance to the public and to regulators, the tools too often lack meaningful oversight and quality assessments. Incomplete or ineffective AI governance tools can create a false sense of confidence, cause unintended problems, and generally undermine the promise of AI systems. The report contains rich background details, use cases, potential solutions to the problems discussed in the report, and a global index of AI Governance Tools.
National IDs Around the World — Interactive map

About this Data Visualization: This interactive map displays the presence...
Report: From the Filing Cabinet to the Cloud: Updating the Privacy Act of 1974

This comprehensive report and proposed bill text is focused on the Privacy Act of 1974, an important and early Federal privacy law that applies to the government sector and some contractors. The Privacy Act was written for the 1970s information era -- an era that was characterized by the use of mainframe computers and filing cabinets. Today's digital information era looks much different than the '70s: smart phones are smarter than the old mainframes, and documents are now routinely digitized and stored and perhaps even analyzed in the cloud, among many other changes. The report focuses on why the Privacy Act needs an update that will bring it into this century, and how that could look and work. This work was written by Robert Gellman, and informed by a two-year multi-stakeholder process.