U.S. Department of Health and Human Services

WPF advises Secretary’s Advisory Committee on Human Research Protection regarding its proposed AI Framework

WPF recently reviewed and provided recommendations regarding a proposed AI Framework meant to apply to medical research involving human subjects. The issue of human subject research is a critically important one. In the US, The Common Rule (45 CFR subpart A) is a key regulation that protects people from unethical medical research. As research utilizing tools such as AI and SaMD — software as a medical device — grows in use, there is an urgent need to determine the proper ethical, legal, and regulatory framework for the use of these tools in the human subject research context. For this reason, WPF was pleased to review and provide recommendations to the Secretary’s Advisory Committee on Human Research Protections, SACHRP, on its proposed AI Framework.

WPF urges HHS to clarify the harms of medical identity theft for victims

WPF has urged HHS to clarify the intersection between HIPAA compliance and harms resulting from medical identity theft in its response to the Request for Information from the Office of Civil Rights of the Department of Health and Human Services regarding implementation of the HITECH Act. WPF has a long history of work on the issue of medical identity theft, which has informed its response to HHS.

HHS makes significant changes to COVID-19 reporting process

The Department of Health and Human services has announced major changes for hospitals’ COVID-19 data reporting processes. HHS has also made changes to the types of data that hospitals must report, expanding the data collection. This includes new information requests for disaggregated information about adult and pediatric patients, to name a few of the changes. The reporting requirements do contain patient flows, but there are still unknown aspects to the new COVID-19 reporting requirements regarding individual-level data and certain privacy considerations.

May 19, 2020 WPF Statement regarding HHS Secretary’s Section 1135 COVID-19 HIPAA Waiver

This statement discusses a 72-hour “statutory waiver” of 5 basic HIPAA rights (including the right to confidential communications). The waiver is triggered by the Secretary of HHS and applies for a 72-hour period beginning upon implementation of a hospital disaster protocol. This statement discusses this waiver, what it is, what is means, who is impacted, and our recommendations.

April 15, 2020 WPF Statement on the COVID-19 Community Based Testing Sites HIPAA Waiver

In response to the COVID-19 (coronavirus) pandemic, the U.S. Department of Health and Human Services announced a HIPAA waiver April 9, 2020 regarding Community Based Testing Sites, which waives enforcement of all HIPAA privacy and security protections and data breach rules from some health care activities affecting COVID-19 testing.  This statement from WPF includes the following information:  
-What are the changes the Community Based Testing Sites HIPAA waiver creates? 
-What are the privacy concerns? 
-WPF recommendations to correct the privacy problems in the Community Based Testing Sites HIPAA waiver  
-Background on HIPAA waivers and a list of all current waivers in force