Health Privacy

About health privacy, World Privacy Forum key health privacy resources

The World Privacy Forum is extremely active in health privacy, with a long and successful track record of work in this area. We have done groundbreaking work in the area of medical identity theft, as well as substantive analysis and education on critical privacy aspects of health data such as medical research, genomics, and many other issues.

Some of our most frequently accessed health privacy resources include:

* A Patient’s Guide to HIPAA

* Medical Identity Theft Page (resources, reports, more)

* Health privacy tagged materials

* HIPAA tagged materials

* Electronic Health Records tagged materials

* Common Rule and Human Subject Research Protection tagged materials

* Genetic privacy tagged materials

We have many more publications and resources. For a full list of topics and publications, see our key issues page.

See below for health privacy news and content by date.

Aug 07 2023

WPF advises FTC regarding health data breach notification rule

The World Privacy Forum filed comments regarding the US Federal Trade Commission’s 2023 Notice of Proposed Rulemaking regarding Health Breach Notification. This marks the second set of comments WPF has filed, our first being in 2009 regarding the first iteration of the Health Breach Rule. The comments are technical, and focus on the fundamental challenges

Jun 28 2023

WPF advises HHS regarding proposed changes to standards for privacy under HIPAA

WPF provided detailed comments to the US Department of Health and Human Services regarding its proposal for changes to HIPAA regarding modifications to the Privacy Rule. Specifically, HHS proposed modifications to standards for the privacy of individually identifiable health information. WPF supports many of the changes proposed in the NPRM.

Apr 12 2023

Emerging Technologies, Human Subject Research, and the Common Rule: High level overview of the 2023 OHRP Research Community Forum

Earlier this month, WPF attended a joint conference focused on the shifting dynamics of how the Common Rule that governs human subject research in the US will be interpreted amidst new technological shifts such as AI. The department of Health and Human Services is seeking to define what the next steps and new policy frameworks should be to ensure the Common Rule protects individuals in current and future research environments. Details on the presentations, conversations, and key takeaways in the post.

Feb 01 2023

FTC takes first enforcement action under its Health Breach Notification Rule; also takes action against misrepresentation of HIPAA compliance

The FTC announced its first enforcement action under its Health Breach Notification Rule. This rule applies to entities that are not covered under HIPAA. The announcement of the proposed order was filed by the U.S. Department of Justice on behalf of the FTC against the “…telehealth and prescription drug discount provider GoodRx Holdings, Inc. for

Jan 26 2023

WPF advises HHS on confidentiality of patient records re: alcohol and drug treatment records

The World Privacy Forum (WPF) submitted comments on an important Notice of Proposed Rulemaking that proposes modifications of the protection requirements for substance use disorder (SUD) treatment records. Currently, health records regarding treatment for Substance Use Disorders receive special protections under what is called Part 2 regulations, or, 42 CFR Part 2. The changes proposed

National IDs Around the World — Interactive map

About this Data Visualization: This interactive map displays the presence...
Report: From the Filing Cabinet to the Cloud: Updating the Privacy Act of 1974

This comprehensive report and proposed bill text is focused on the Privacy Act of 1974, an important and early Federal privacy law that applies to the government sector and some contractors. The Privacy Act was written for the 1970s information era -- an era that was characterized by the use of mainframe computers and filing cabinets. Today's digital information era looks much different than the '70s: smart phones are smarter than the old mainframes, and documents are now routinely digitized and stored and perhaps even analyzed in the cloud, among many other changes. The report focuses on why the Privacy Act needs an update that will bring it into this century, and how that could look and work. This work was written by Robert Gellman, and informed by a two-year multi-stakeholder process.
COVID-19 and HIPAA: HHS’s Troubled Approach to Waiving Privacy and Security Rules for the Pandemic

The COVID-19 pandemic strained the U.S. health ecosystem in numerous ways, including putting pressure on the HIPAA privacy and security rules. The Department of Health and Human Services adjusted the privacy and security rules for the pandemic through the use of statutory and administrative HIPAA waivers. While some of the adjustments are appropriate for the emergency circumstances, there are also some meaningful and potentially unwelcome privacy and security consequences. At an appropriate time, the use of HIPAA waivers as a response to health care emergencies needs a thorough review. This report sets out the facts, identifies the issues, and proposes a roadmap for change.