Electronic Health Records

Jan 26 2023

WPF advises HHS on confidentiality of patient records re: alcohol and drug treatment records

The World Privacy Forum (WPF) submitted comments on an important Notice of Proposed Rulemaking that proposes modifications of the protection requirements for substance use disorder (SUD) treatment records. Currently, health records regarding treatment for Substance Use Disorders receive special protections under what is called Part 2 regulations, or, 42 CFR Part 2. The changes proposed

Jul 08 2022

HIPAA and Reproductive Health: A companion FAQ to the Patient’s Guide to HIPAA

July 2022 Download a PDF The World Privacy Forum publishes and maintains A Patient’s Guide to HIPAA, which is a plain language explanation of how to use the law to guard your health privacy. This companion FAQ on HIPAA is focused on reproductive health privacy in response to the many questions we are receiving from

Dec 07 2021

WPF advises OSHA re: employee vaccination information

The U.S. Occupational Safety and Health Administration (OSHA) has published its proposal regarding how employee vaccination information will be treated by employers. WPF’s analysis has found a meaningful loophole in privacy protections, and has proposed a remedy to OSHA.

May 06 2021

WPF comments on HHS proposal to change HIPAA Privacy Rule

WPF filed comments today with the Department of Health and Human Services regarding an important Notice of Proposed Rulemaking that, if adopted, will bring substantial changes to patients’ electronic health records and how they are managed, among other issues. In general, we found much to support in the NPRM. However, there are sections of the

Mar 03 2021

WPF urges US Federal Trade Commission to re-examine data breach notification requirements for health data in Flo Health proposal

The World Privacy Forum has submitted comments to the FTC regarding its proposed consent order In the Matter of Flo Health, Inc. requesting that the FTC conduct further analysis regarding the FTC Health Data Breach Rule and its potential applicability to the alleged unconsented sharing of women’s pregnancy, menstruation, mental health, and other data with

National IDs Around the World — Interactive map

About this Data Visualization: This interactive map displays the presence...
Report: From the Filing Cabinet to the Cloud: Updating the Privacy Act of 1974

This comprehensive report and proposed bill text is focused on the Privacy Act of 1974, an important and early Federal privacy law that applies to the government sector and some contractors. The Privacy Act was written for the 1970s information era -- an era that was characterized by the use of mainframe computers and filing cabinets. Today's digital information era looks much different than the '70s: smart phones are smarter than the old mainframes, and documents are now routinely digitized and stored and perhaps even analyzed in the cloud, among many other changes. The report focuses on why the Privacy Act needs an update that will bring it into this century, and how that could look and work. This work was written by Robert Gellman, and informed by a two-year multi-stakeholder process.
COVID-19 and HIPAA: HHS’s Troubled Approach to Waiving Privacy and Security Rules for the Pandemic

The COVID-19 pandemic strained the U.S. health ecosystem in numerous ways, including putting pressure on the HIPAA privacy and security rules. The Department of Health and Human Services adjusted the privacy and security rules for the pandemic through the use of statutory and administrative HIPAA waivers. While some of the adjustments are appropriate for the emergency circumstances, there are also some meaningful and potentially unwelcome privacy and security consequences. At an appropriate time, the use of HIPAA waivers as a response to health care emergencies needs a thorough review. This report sets out the facts, identifies the issues, and proposes a roadmap for change.