Health Privacy

About health privacy, World Privacy Forum key health privacy resources

The World Privacy Forum is extremely active in health privacy, with a long and successful track record of work in this area. We have done groundbreaking work in the area of medical identity theft, as well as substantive analysis and education on critical privacy aspects of health data such as medical research, genomics, and many other issues. 

Some of our most frequently accessed health privacy resources include:

* A Patient’s Guide to HIPAA

* Medical Identity Theft Page (resources, reports, more)

* Health privacy tagged materials 

* HIPAA tagged materials 

* Electronic Health Records tagged materials 

* Common Rule and Human Subject Research Protection tagged materials

* Genetic privacy tagged materials 

We have many more publications and resources. For a full list of topics and publications, see our key issues page.

See below for health privacy news and content by date.

The FDA needs to set privacy standards to protect patients in drug risk programs

FDA privacy standards – RiskMAPs – World Privacy Forum executive director Pam Dixon testified at an FDA/AHRQ joint public workshop about the need for the FDA to set robust privacy standards for drug risk minimization programs, which are put in place for drugs the FDA has determined to be high risk in some way. Drug risk minimization programs (like the iPledge program for the acne drug Accutane) are not typically covered by HIPAA, and some programs have a privacy policy that allows marketing use of patient information collected as part of the risk program. This kind of marketing activity would not be allowable if the programs fell under HIPAA, and Dixon’s testimony stated that patients in these programs should have the same kinds of privacy protections as HIPAA covered programs, and that marketing activities involving patient information should not be allowable in these programs.

World Privacy Forum files public comments and recommendations on pharmacogenomics privacy: all patient-specific PGx research should require certificates of confidentiality

information will expand greatly in the future. In public comments filed with the National Institutes of Health on pharmacogenomics (PGx) research, or research using genetic information to create highly personalized medicine, the World Privacy Forum recommended that all research activities that involve any type of patient-specific genetic information be required to have certificates of confidentiality, whether that information appears identifiable or not. The WPF also urged the NIH to require strong data use agreements to protect individuals’ privacy. The WPF also urged NIH and the Department of Health and Human Services to reinstate the position of “privacy advocate” so as to provide oversight in this area.

Update: World Privacy Forum’s National Health Information Network Timeline

National Health Information Network — Recently, the first live prototypes of the NHIN were demonstrated in Washington, D.C. This was a milestone event in the development of the planned network. The National Health Information Network is an ambitious project the U.S. government undertook in 2004 to digitize and network patient health records across the nation. This project raises challenging confidentiality, privacy, and security issues.

World Privacy Forum testifies on genetic privacy and consumer data marketing issues

Genetic privacy | SACGHS — The World Privacy Forum gave testimony to the Secretary’s Advisory Committee on Genetics Health and Society regarding privacy issues stemming from direct-to-consumer advertising and consumer-initiated genetic testing. The World Privacy Forum noted that a great deal of consumer health data circulates outside the protections of HIPAA, and a substantial market for this kind of consumer health data already exists. Genetic data about consumers that is acquired outside the clinical context and is not subject to the protections of HIPAA (for example, through consumer-initiated genetic testing) will likely not be any more protected than other forms of consumers’ health-related information from the current demands of the market. However, the consequences of leakage of genetic information about consumers into the marketing stream could have potentially negative consequences for both those consumers and their blood relatives. The World Privacy Forum urged the committee to include specific recommendations about privacy in its upcoming report to the Secretary, and also urged the committee to work with other federal agencies to set up a pre-market oversight structure that includes significant and meaningful privacy protections for genetic testing occurring outside of the protections of HIPAA.

World Privacy Forum comments about the ethical, legal, and social implications of using genetic health care data in electronic health records

Genetic Privacy — The World Privacy Forum filed public comments with the Department of Health and Human services in response to an HHS request for information regarding the use of patients’ genetic data for research, health care, and for use in electronic health records. The World Privacy Forum is requesting that HHS use all Fair Information Principles in any personalized health care projects, and is requesting that a formal ELSI (ethical, legal, and social implications) committee be set up to oversee any projects, among other requests.