Electronic Health Records

WPF urges US Federal Trade Commission to re-examine data breach notification requirements for health data in Flo Health proposal

The World Privacy Forum has submitted comments to the FTC regarding its proposed consent order In the Matter of Flo Health, Inc. requesting that the FTC conduct further analysis regarding the FTC Health Data Breach Rule and its potential applicability to the alleged unconsented sharing of women’s pregnancy, menstruation, mental health, and other data with

World Health Organization updates its data sharing principles; WPF participant in external expert advisory group

This summer, the World Privacy Forum served as a member of the World Health Organization’s External Expert Group on Data Principles. We are pleased to announce that WHO has now published its updated data principles and data sharing policy, as of October 2020.  While there are additional items that WPF would like to address in

WPF to testify before NCVHS on emerging privacy concerns in health privacy — Beyond Digitization: Artificial Intelligence, APIs, and health privacy

WPF Executive Director Pam Dixon will testify before the full committee of the National Committee on Vital and Health Statistics (NCVHS) regarding emerging privacy concerns in the healthcare environment, including the role of artificial intelligence, patient authorizations, and automated access to patient health information.  The NCVHS is the statutory [42 U.S.C. 242k(k)] public advisory body

Health Industry Cybersecurity Practices: New consensus practices and tools from HHS

The US Department of Health and Human Services (HHS) has produced a set of cybersecurity resources for healthcare provider organizations from small to large. So far, HHS has published four documents: an overview report of cybersecurity issues and practices, two technical volumes, and a toolkit. The documents focus on what an expert multistakeholder consensus group determined to be the five most prevalent cybersecurity threats and the ten core cybersecurity practices. The practices are voluntary, and utilize the NIST cybersecurity framework. The documentation is based in reality, not conjecture, and the documents are not intended to sell any particular products for any particular vendor. This has allowed for a rich and helpful documentation of current challenges along with solutions. See our overview of the four new resources.