U.S. Department of Health and Human Services

Dec 04 2009

Public Comments: December 2009 – Genetic Information Nondiscrimination Act of 2008, GINA NPRM

The World Privacy Forum filed comments on proposed regulations for implementing Title I of GINA, the Genetic Non-Discrimination Act. The WPF requested a change to the proposed regulations, asking the Department of Health and Human Services require immediate posting of revised notices of privacy practices on the web sites of affected health plans. Under the proposed regulations, written notice of revised privacy practices to individuals could be delayed due to the cost of postal mailing. The WPF noted that a revised privacy notice posted on a health plan’s web site would not incur postal costs, and that regulated entities should take this minimum step to inform consumers of any changes regarding privacy practices affecting genetic non-discrimination.

Oct 26 2009

Medical data breach rule needs more work; World Privacy Forum files comments with HHS requesting changes

Data Breach | HHS HITECH Breach Notification — The World Privacy Forum filed comments on the HHS data breach rulemaking and asked for substantive changes in several areas. In particular, WPF asked HHS to expressly state a requirement for a breach risk assessment in the final rule itself, and to set a requirement that the risk assessment must be conducted by an independent organization. The WPF also asked that HHS set breach risk assessment standards so that there is some uniformity and guidance as to what constitutes an appropriately rigorous risk assessment when a breach occurs. In the comments, WPF also discussed the relationship between medical identity theft and medical data breach and how this impacts patients and consumers.

Oct 23 2009

Public Comments: October 2009 – WPF files comments with HHS requesting changes

The World Privacy Forum filed comments on the HHS data breach rulemaking and asked for substantive changes in several areas. In particular, WPF asked HHS to expressly state a requirement for a breach risk assessment in the final rule itself, and to set a requirement that the risk assessment must be conducted by an independent organization. The WPF also asked that HHS set breach risk assessment standards so that there is some uniformity and guidance as to what constitutes an appropriately rigorous risk assessment when a breach occurs. In the comments, WPF also discussed the relationship between medical identity theft and medical data breach and how this impacts patients and consumers.

Aug 19 2009

Health IT standards meeting

Health IT — The Health IT Standards Committee will be meeting tomorrow, August 20, from 9 a.m. to 3 p.m. in Washington DC. Those interested in this meeting can participate in person, or via the phone and web. The privacy and security workgroup will report at 1:30 pm Eastern. Location and call-in information is available at the HHS web site.

May 21 2009

Public Comments: May 2009 – WPF files comments with HHS regarding data breach guidance

The World Privacy Forum filed comments with the Department of Health and Human Services today regarding the HITECH Act guidance that HHS published along with a request for comments. The Forum urged the Department to tighten its proposed guidance, and to add more protections, oversight, and rules for “limited data set” breaches.

New Report – Without Consent: An analysis of student directory information practices in U.S. schools, and impacts on privacy

Without Consent is the first major benchmarking privacy report to examine school directory information practices and related privacy issues in a multi-year study across more than 5,000 schools at the primary, secondary, and postsecondary levels. The research found troubling and challenging student privacy problems that need to be urgently addressed. The report contains extensive findings and recommendations regarding student privacy, and includes best practices, sample forms, and resources for schools, parents, and students.
Patient’s Guide to HIPAA: How to Use the Law to Guard your Health Privacy

Download PDF Download ePub Donate Credits → Version 2.0...
Report: The Geography of Medical Identity Theft

This new WPF report finds that medical identity theft is still a crime that causes great harms to its victims, and that it is growing overall in the United States; however, there’s a catch. The national consumer complaint data suggests that the crime is growing at different rates in different states and regions of the US, creating medical identity theft “hotspots.” These hotspots are important for patients, policymakers, and healthcare stakeholders to know about so as to address potential risks.