About health privacy, World Privacy Forum key health privacy resources
The World Privacy Forum is extremely active in health privacy, with a long and successful track record of work in this area. We have done groundbreaking work in the area of medical identity theft, as well as substantive analysis and education on critical privacy aspects of health data such as medical research, genomics, and many other issues.
Some of our most frequently accessed health privacy resources include:
* A Patient’s Guide to HIPAA
* Medical Identity Theft Page (resources, reports, more)
* Health privacy tagged materials
* HIPAA tagged materials
* Electronic Health Records tagged materials
* Common Rule and Human Subject Research Protection tagged materials
* Genetic privacy tagged materials
We have many more publications and resources. For a full list of topics and publications, see our key issues page.
See below for health privacy news and content by date.
Consumers can learn about Medical Identity Theft, what how to avoid it, and what actions to take if you are a victim.
In a rare enforcement action of HIPAA, HHS fined an Arizona health care provider $100,000 for a variety of HIPAA violations, especially regarding electronic exchanges of protected health information. The HHS document outlining the reasons for the fine should act as a wake-up call to health care providers using public email, calendaring, and other tools for communication of ePHI. HHS specifically noted that the fined health care provider did not conduct an adequate risk assessment prior to using the email and Internet tools. The full HHS document is a must-read for health care providers. WPF has been warning about the need for full e-risk assessments since 2005 and strongly advocates for medical-identity-theft-specific risk assessments.
Common Rule | Health Privacy — The World Privacy Forum filed extensive comments with the US Department of Health and Human Services about its proposed changes regarding the rules governing human subject medical research. In the comments, WPF noted that the HHS approach to privacy for research subjects was incomplete and did not use all Fair Information Practices. WPF strongly urged HHS to revise its proposal on a number of issues, including consent and the use of biospecimens in research. The World Privacy Forum is urging HHS to acknowledge that the realm of health data that is truly non-identifiable has shrunken remarkably, for example, biospecimens with DNA cannot be considered non-identifiable anymore. “In our comments, we are requesting that HHS give individuals the opportunity to make choices about the use of their own health data and specimens,” said Executive director Pam Dixon. WPF also stated in its comments that “A central database with identifiable information about participants in human subjects research is a terrible idea.” (See p. 21 of WPF comments.)