Health Privacy

About health privacy, World Privacy Forum key health privacy resources

The World Privacy Forum is extremely active in health privacy, with a long and successful track record of work in this area. We have done groundbreaking work in the area of medical identity theft, as well as substantive analysis and education on critical privacy aspects of health data such as medical research, genomics, and many other issues. 

Some of our most frequently accessed health privacy resources include:

* A Patient’s Guide to HIPAA

* Medical Identity Theft Page (resources, reports, more)

* Health privacy tagged materials 

* HIPAA tagged materials 

* Electronic Health Records tagged materials 

* Common Rule and Human Subject Research Protection tagged materials

* Genetic privacy tagged materials 

We have many more publications and resources. For a full list of topics and publications, see our key issues page.

See below for health privacy news and content by date.

WPF Statement to the Civil Society Consultation on Sustainable Health Security Preparedness and Response, C20, 2021

The World Privacy Forum participated in the C20 Civil Society Consultation on Sustainable Health Security Preparedness 20 April, 2021, part of the preparatory work for the G20 health-related declaration. (Rome Declaration.) In our attached statement to the C20 / G20, we outline three key requirements to allow safe and sustainable health data ecosystem knowledge utilization, including privacy and effective data governance, interoperability, and robust inclusion of LMICs and vulnerable or
marginalized populations in standards development.

WPF urges US Federal Trade Commission to re-examine data breach notification requirements for health data in Flo Health proposal

The World Privacy Forum has submitted comments to the FTC regarding its proposed consent order In the Matter of Flo Health, Inc. requesting that the FTC conduct further analysis regarding the FTC Health Data Breach Rule and its potential applicability to the alleged unconsented sharing of women’s pregnancy, menstruation, mental health, and other data with

WPF comments on European Commission proposal for new Health Authority

The European Commission has proposed the creation of a new European Health Emergency Preparedness and Response Authority, HERA. WPF provided comments regarding the proposal, urging the Commission to ensure from the outset that HERA will fulfill its mission with a focus on data interoperability and will include specific data governance and protection measures that will analyze

World Health Organization updates its data sharing principles; WPF participant in external expert advisory group

This summer, the World Privacy Forum served as a member of the World Health Organization’s External Expert Group on Data Principles. We are pleased to announce that WHO has now published its updated data principles and data sharing policy, as of October 2020.  While there are additional items that WPF would like to address in

COVID-19 and HIPAA: HHS’s Troubled Approach to Waiving Privacy and Security Rules for the Pandemic

The COVID-19 pandemic strained the U.S. health ecosystem in numerous ways, including putting pressure on the HIPAA privacy and security rules. The Department of Health and Human Services adjusted the privacy and security rules for the pandemic through the use of statutory and administrative HIPAA waivers. While some of the adjustments are appropriate for the emergency circumstances, there are also some meaningful and potentially unwelcome privacy and security consequences. At an appropriate time, the use of HIPAA waivers as a response to health care emergencies needs a thorough review. This report sets out the facts, identifies the issues, and proposes a roadmap for change.