Health IT — The Health IT Standards Committee will be meeting tomorrow, August 20, from 9 a.m. to 3 p.m. in Washington DC. Those interested in this meeting can participate in person, or via the phone and web. The privacy and security workgroup will report at 1:30 pm Eastern. Location and call-in information is available at the HHS web site.
Health data breach rulemaking — The Federal Trade Commission has issued its final Health Breach Notification Rule for vendors of Personal Health Records and related entities, as required under ARRA, The American Recovery and Reinvestment Act of 2009. The initial proposed Health Breach Notification Rule was generally thoughtful and thorough. The World Privacy Forum submitted extensive comments on the proposed rule both supporting parts of it and making some suggestions for changes. The FTC incorporated several specific WPF suggestions into the final rule. In particular, the FTC incorporated the applicability of the rule to foreign entities with U.S. customers (Final Rule p. 17), and the applicability of the rule to search engines appearing on Personal Health Record web sites (Final Rule p. 34). The new rule will be published in the Federal Register shortly; until then, it is available at the FTC web site. Also available is a form that entities covered under this rule can use to report data breaches to the FTC. The Health Breach Notification Rule will be effective 30 days after publication in the Federal Register, and full compliance with the rule will be required beginning 180 days after publication.
Online privacy and government web sites — The World Privacy Forum filed comments with the Office of Management and Budget regarding its proposal to begin to allow the use of tracking cookies on government web sites. The proposal was published in the Federal Register, and outlined a three-tiered plan for how web tracking technologies might be used. The Forum’s comments focused on methods of opt-out, data retention, secondary use, user authentication, new tracking technologies such as Flash cookies, and the need for new opt-out mechanisms. The Forum also urged the federal government to not allow third party tracking of consumers’ use of government web sites, and to guard against any discrimination against consumers who do not want to be tracked.
Cloud computing — The World Privacy Forum sent a letter to Los Angeles Mayor Villaraigosa today expressing concerns and questions about a proposed contract to move the city of Los Angeles’ email and some other computing tasks to a cloud-based system. The Forum expressed concerns in particular about the lack of contractual protection for health data, AIDs data, genetic information, domestic violence and sexual assault victim information, among other sensitive information. The Forum suggested the city undertake an independent and thorough risk assessment prior to completing the contract, and suggested a robust public comment process that includes all stakeholders. The City will take up the issue of this contract at a city council Information Technology Committee meeting on Tuesday July 21. The World Privacy Forum published a detailed analysis of the privacy issues of cloud computing in February which outlines the challenges and ambiguities that governments and others face as they make decisions about what data to put in the cloud.
The World Privacy Forum sent a letter to Los Angeles Mayor Villaraigosa today expressing concerns and questions about a proposed contract to move the city of Los Angeles’ email and some other computing tasks to a cloud-based system. The Forum expressed concerns in particular about the lack of contractual protection for health data, AIDs data, genetic information, domestic violence and sexual assault victim information, among other sensitive information. The Forum suggested the city undertake an independent and thorough risk assessment prior to completing the contract, and suggested a robust public comment process that includes all stakeholders. The City will take up the issue of this contract at a city council Information Technology Committee meeting on Tuesday July 21. The World Privacy Forum published a detailed analysis of the privacy issues of cloud computing in February which outlines the challenges and ambiguities that governments and others face as they make decisions about what data to put in the cloud.