Health Privacy

SACGHS | Oversight of genetic testing — The Secretary’s Advisory Committee on Genetics, Health and Society (SACGHS) released its final report on Oversight of Genetic Testing (U.S. System of Oversight of Genetic Testing: A Response to the Charge of the Secretary of Health and Human Services, April 2008, PDF, 276 pages). This is a substantial, thoughtful report that is likely to have a long-term impact on the field. The World Privacy Forum submitted formal written comments regarding this report when it was in draft form, and also appeared before the Committee in person in February of 2008 to discuss additional information relevant to the report. The final report reflects the World Privacy Forum comments and testimony. The report now includes a discussion about Direct to Consumer advertising and marketing as well as related privacy issues. The discussion in the final report also now acknowledges the implications of Direct to Consumer marketing of genetic tests regarding online privacy. The final report also reflects generally increased attention to privacy issues.

Health Care Innovations workshop — The World Privacy Forum will be speaking at an upcoming FTC workshop on the topics of medical identity theft, personal health records, and direct-to-consumer genetic tests and marketing. The workshop is April 24, 2008. Workshop information is available at the FTC web site.

Behaviorally targeted advertising | FTC proposed rules — The World Privacy Forum filed comments in response to the Federal Trade Commission’s proposed self-regulatory guidelines for companies targeting online advertising to consumers based on consumer behaviors. The WPF requested a separate, formal rulemaking process for determining how sensitive medical information should be handled online regarding behaviorally targeted advertisements. The WPF also discussed genetic data and requests for genetic tests, and noted that genetic information should be included in any definition of sensitive medical information. The WPF reiterated that the definition of personally identifiable information should include IP address, and encouraged the FTC to work from a rights-based approach regarding online advertising. The WPF also urged the FTC to include all fair information practices in any self-regulatory regime, and to enforce the regime directly.

Patient Safety Organizations | Proposed rulemaking — The World Privacy Forum filed extensive comments today regarding privacy protections for patients whose health care information will be shared with patient safety safety organizations under newly proposed Department of Health and Human Services regulations. After a landmark Institute of Medicine report on the prevalence of medical errors and their harmful impact on patients (To Err is Human), the U.S. Congress eventually passed the Patient Safety Act (2005). The Patient Safety Act allows extensive health care data of patients to go to patient safety organizations. The idea is to provide a form of quality control. The Agency for Heathcare Research and Quality (AHRQ), part of HHS, has published its proposed regulations implementing the Act. The World Privacy Forum has made 14 recommendations for substantive changes in the proposed rules to protect patient privacy. The World Privacy Forum asked the Agency to expressly mandate that all patient data be de-identified or anonymized to the greatest extent possible, that the proposed rule should expressly require data use agreements for any data sharing, that the patient information be labeled as subject to the Patient Safety Act, and strongly urged that patient safety organizations be required to maintain an accounting of disclosures at least equal to HIPAA, among other recommendations.

Medical ID theft — Based on interviews with numerous victims and others involved in the crime of medical identity theft, and based on our own work with victims, the World Privacy Forum has added some new information to its 2006 consumer tips for medical identity theft. We have also slightly updated some of the older tips based on new information. The Forum has also updated its medical identity theft landing page to reflect our new and ongoing work in this area.