Health Privacy

Genetic Privacy — The World Privacy Forum filed public comments with the Department of Health and Human services in response to an HHS request for information regarding the use of patients’ genetic data for research, health care, and for use in electronic health records. The World Privacy Forum is requesting that HHS use all Fair Information Principles in any personalized health care projects, and is requesting that a formal ELSI (ethical, legal, and social implications) committee be set up to oversee any projects, among other requests.

Identity Theft — The World Privacy Forum filed comments and recommendations with the President’s Identity Theft Task Force. The task force’s draft report and recommendations did not include or contemplate medical identity theft solutions for victims; the WPF has requested and recommended that this be corrected. Medical identity theft victims need more help, more recourse, and agency attention.

Medical privacy | Medicare Part D — In comments filed with the Centers for Medicare and Medicaid Services, the World Privacy Forum requested that CMS give effect to data restrictions that Congress has expressly included in the law. WPF also requested that CMS include in its standard agreements for use of CMS data a requirement that the recipient obtain a certification of confidentiality for all identifiable CMS data. WPF also requested that CMS perform a regulatory impact analysis and publish a system of records notice.

Identity theft | medical identity theft — The World Privacy Forum filed comments with the Federal Trade Commission, the Treasury, and other federal agencies today regarding the joint draft rule on “Red Flags” for identity theft. In its comments, the World Privacy Forum requested that medical identity theft be added to several aspects and portions of the proposed rule. Adding medical identity theft to the rule is essential to help close gaps in protection for consumers and to encourage health care providers to attend to victims’ challenges and needs regarding medical identity theft.

The collection of DNA material from 500,000 to 1,000,000 or more individuals as part of a large U.S. medical research project raises many challenging ethical, legal, and privacy issues. An advisory committee reporting to the Office of the Secretary of Health and Human Services ( the Secretary’s Advisory Committee on Genetics, Health and Society) has published a detailed analysis of the issues such a project would raise in a draft report. The committee’s final report and policy recommendations will be submitted to the Secretary of HHS. The World Privacy Forum has submitted public comments on the draft report; the comments include key policy recommendations. The Forum’s recommendations include the need to provide protection from compelled disclosure of information, the necessity for a full-time project privacy officer with enforcement power, and the need for a far-reaching and robust privacy policy that exceeds the requirements of HIPAA, among other recommendations.