Health Privacy World Privacy Forum Skip to Content Javascript must be enabled for the correct page display Home Connect With Us: twitter Vimeo email Main Navigation Hot Topics

Health Privacy

About health privacy, World Privacy Forum key health privacy resources The World Privacy Forum is extremely active in health privacy, with a long and successful track record of work in this area. We have done groundbreaking work in the area of medical identity theft, as well as substantive analysis and education on critical privacy aspects of health data such as medical research, genomics, and many other issues. Some of our most frequently accessed health privacy resources include: * A Patient’s Guide to HIPAA * Medical Identity Theft Page (resources, reports, more) * Health privacy tagged materials * HIPAA tagged materials * Electronic Health Records tagged materials * Common Rule and Human Subject Research Protection tagged materials * Genetic privacy tagged materials We have many more publications and resources. For a full list of topics and publications, see our key issues page.

See below for health privacy news and content by date

Aug 31 2022

WPF advises Secretary’ s Advisory Committee on Human Research Protection regarding its proposed AI Framework

AI Food and Drug Administration (FDA) Health Privacy Human Subject Research Protection U.S. Department of Health and Human Services WPF recently reviewed and provided recommendations regarding a proposed AI Framework meant to apply to medical research involving human subjects. The issue of human subject research is a critically important one. In the US, The Common Rule (45 CFR subpart A) is a key regulation that protects people from unethical medical research. As research utilizing tools such as AI and SaMD — software as a medical device — grows in use, there is an urgent need to determine the proper ethical, legal, and regulatory framework for the use of these tools in the human subject research context. For this reason, WPF was pleased to review and provide recommendations to the Secretary’s Advisory Committee on Human Research Protections, SACHRP, on its proposed AI Framework. May 18 2022

HIPAA Compliant or HIPAA Covered

Genetic Privacy Health Privacy Health Records HIPAA One of the most common questions we receive is: what does HIPAA compliant mean? Well.. If a company or entity or health app is not covered by HIPAA, it may still say that it is “HIPAA compliant.” HIPAA compliant does not mean the same thing as being a HIPAA- covered entity. If you see the Dec 07 2021

WPF advises OSHA re employee vaccination information

COVID-19 Digital Health Ecosystems Electronic Health Records Health Privacy Health Records OSHA Personal Health Record (PHR) The U.S. Occupational Safety and Health Administration (OSHA) has published its proposal regarding how employee vaccination information will be treated by employers. WPF’s analysis has found a meaningful loophole in privacy protections, and has proposed a remedy to OSHA. Sep 15 2021

WPF urges HHS National Vaccine Advisory Committee to extend privacy protections of vaccination information

COVID-19 Health Privacy Health Records Public Health In public testimony September 15, 2021, WPF’s Executive Director urged the Department of Health and Human Services National Vaccine Advisory Committee Committee to establish broadened protections for covid-19 vaccination data, including extending the existing CDC Guidance (from May 2021) prohibiting commercial marketing use of vaccination registration information or other vaccination data. The intersection between HIPAA privacy regulations Aug 13 2021

WPF supports CDC guidance prohibiting use of vaccine recipients’ data for commercial marketing purposes urges that protections are extended to proof of vaccination systems

COVID-19 Health Privacy Health Records HIPAA HIPAA Waiver WPF’s Executive Director spoke today before the US Center For Disease Control’s ACIP Committee regarding privacy protections for vaccine recipients’ data. WPF supported the CDC’s prohibition on the use of vaccine recipient data for commercial marketing purposes. The CDC’s Vaccination Program Provider Requirements, published in May 18, 2021, specifically prohibits the commercial marketing use of 12345102030Next Page »34 WPF updates and news CALENDAR EVENTS

WHO Constituency Meeting WPF co-chair

6 October 2022, Virtual

OECD Roundtable WPF expert member and participant Cross-Border Cooperation in the Enforcement of Laws Protecting Privacy

4 October 2022, Paris, France and virtual

OECD Committee on Digital and Economic Policy fall meeting WPF participant

27-28 September 2022, Paris, France and virtual more Recent TweetsWorld Privacy Forum@privacyforum·7 OctExecutive Order On Enhancing Safeguards For United States Signals Intelligence Activities The White House https://www.whitehouse.gov/briefing-room/presidential-actions/2022/10/07/executive-order-on-enhancing-safeguards-for-united-states-signals-intelligence-activities/Reply on Twitter 1578431679592427526Retweet on Twitter 1578431679592427526Like on Twitter 1578431679592427526TOP REPORTS National IDs Around the World — Interactive map About this Data Visualization: This interactive map displays the presence... Report: From the Filing Cabinet to the Cloud: Updating the Privacy Act of 1974 This comprehensive report and proposed bill text is focused on the Privacy Act of 1974, an important and early Federal privacy law that applies to the government sector and some contractors. The Privacy Act was written for the 1970s information era -- an era that was characterized by the use of mainframe computers and filing cabinets. Today's digital information era looks much different than the '70s: smart phones are smarter than the old mainframes, and documents are now routinely digitized and stored and perhaps even analyzed in the cloud, among many other changes. The report focuses on why the Privacy Act needs an update that will bring it into this century, and how that could look and work. This work was written by Robert Gellman, and informed by a two-year multi-stakeholder process. COVID-19 and HIPAA: HHS’s Troubled Approach to Waiving Privacy and Security Rules for the Pandemic The COVID-19 pandemic strained the U.S. health ecosystem in numerous ways, including putting pressure on the HIPAA privacy and security rules. The Department of Health and Human Services adjusted the privacy and security rules for the pandemic through the use of statutory and administrative HIPAA waivers. While some of the adjustments are appropriate for the emergency circumstances, there are also some meaningful and potentially unwelcome privacy and security consequences. At an appropriate time, the use of HIPAA waivers as a response to health care emergencies needs a thorough review. This report sets out the facts, identifies the issues, and proposes a roadmap for change.