Resources

This page lists a few resources that may be useful.  I expect to expand the offerings here slowly.

• Personal Health Records: Why Many PHRs Threaten Privacy.  I wrote this report for the World Privacy Forum to show that PHRs can have significant negative consequences for the privacy of consumers who authorize the maintenance of their health records by PHR vendors.  Many, if not most, PHRs are not subject to the HIPAA health privacy rule.  Any consumer who agrees to put his or her health records in a PHR -- especially one that is a commercial, advertising-supported PHR -- is risking the loss of the information in those records to marketers, advertisers, and others.  The report is here and an accompanying consumer advisory is here.

Significant privacy consequences of PHRs not covered under HIPAA can include:

   • Health records in a PHR may lose their privileged status.
   • PHR records can be more easily subpoenaed by a third party than health records covered under HIPAA.
   • Identifiable health information may leak out of a PHR into the marketing system or to commercial data brokers.
   • In some cases, the information in a non-HIPAA covered PHR may be sold, rented, or otherwise shared.
   • It may be easier for consumers to accidentally or casually authorize the sharing of records in a PHR.
   • Consumers may think they have more control over the disclosure of PHR records than they actually do.
   • The linkage of PHR records from different sources may be embarrassing, cause family problems, or have other unexpected consequences.
   • Privacy protections offered by PHR vendors may be weaker than consumers expect and may be subject to change without notice or consumer consent.

• Fair Information Practices: A Basic History.  I prepared a short history of Fair Information Practices that provides essential text, background, citations, and a touch of analysis.  It was originally intended to be for Wikipedia, but the process for submission was unattractive.  Revised January 3, 2008.  The paper is here.

• Privacy for Research Data.  I prepared a paper for the Panel on Confidentiality Issues Arising from the Integration of Remotely Sensed and Self-Identifying Data of the National Research Council. The paper attempts to describe privacy rules in the three most important areas relevant to research uses of information involving remotely-sensed and self-identifying data. The three issues are: (1) When is information sufficiently identifiable so that privacy rules apply or privacy concerns attach? (2) When does the collection of personal information fall under regulation? and (3) What rules govern the disclosure of personal information?  The paper appears at Appendix A in the Panel's report:  Putting People on the Map: Protecting Confidentiality with Linked Social-Spatial Data (2007) <http://books.nap.edu/catalog.php?record_id=11865>.

• Consent for Disclosure of Health Records:  Lessons from the Past (2007).  A 1998 Maine health privacy law that required written consent for many health disclosures was so unpopular and impractical that the legislature suspended the law shortly after it took effect. Many of the law’s requirements for written consent were later replaced with expanded authority for nonconsensual disclosures.  I wrote this short paper to provide a review of the history of the Maine law.  The paper is hosted at a discussion forum of the World Privacy Forum's website here.  The paper itself is here.

• Personal Health Records (2007). Joseph Turow, Judith Turow, and I wrote two pieces on privacy and other implications of personal health records.  One was for the American Medical Association's Virtual Mentor (Personalized Marketing of Health Products the 21st Century Way, available here), and the other appeared in the San Francisco Chronicle, Why Marketers Want Inside Your Medicine Cabinet (March 5, 2007), available here.

• Testimony on Health Privacy Studies (2006). The National Committee on Vital and Health Statistics (Department of Health and Human Services) held a hearing on November 30, 2006, on approaches to studying the HIPAA Privacy Rule. In my testimony (available here), I argued that privacy is a fundamental part of health care. There is no need to study the value of privacy. I also said that focusing on privacy knowledge of consumers or the costs of HIPAA would not be productive. I suggested instead that the committee look at privacy issues for health information networks. I proposed four areas of study:

   • Medical Identity Theft. A health information network is an identity thief’s dream.
   • Health Scores. I expect that a health network will contribute to the development of individual and family health scores that, like credit scores, will be used to make decisions about people.
   • Surveillance Capabilities of Health Information Networks. If a network contains information about medical appointments, it can be used by the police to find and detain anyone with an outstanding warrant, overdue tax bill, questionable immigration status, or overdue library book.
   • Preemption. Neither totally preemptive federal health privacy legislation nor a patchwork quilt of stronger state laws will work in a networked environment. We need to find a middle ground that recognizes structural state legislation while providing greater uniformity in a networked environment. Laws protecting psychiatric, substance abuse, HIV, and genetic information must be accommodated.

• Medical ID theft report (World Privacy Forum, 2006). This report on the problem of the stealing of medical identities was conceived of, researched by, and written by Pam Dixon of the World Privacy Forum.  It was her brilliant insight and pioneering research that brought this hidden and significant problem to public attention. I contributed in minor ways.  Available at <http://www.worldprivacyforum.org/pdf/wpf_medicalidtheft2006.pdf>.

• FAQs for victims of medical ID theft (World Privacy Forum, 2006). This FAQ tells victims of medical identity theft how they can use the HIPAA health privacy rule to determine the scope of the problem and to correct their health records. I did much of the work on this resource, along with Pam Dixon. Available at <http://www.worldprivacyforum.org/FAQ_medicalrecordprivacy.html>.

• Trafficking in Health Information: A Widespread Problem (Updated 2006). I prepared this short history of investigations that exposed widespread trafficking in health records by insurance companies, investigative firms, and others.  It includes some discussion of how pretexting has been used to obtain health records.  Investigations in the United States, Canada, and Great Britain dating back as far as the 1970s and as recently as 2006 show similar illicit activities.  Available here.  Updated August 2006 and April 2007.

• The American Way of Privacy (2005). In November 2005, the French National Commission for Information Technologies and Liberties (CNIL), French Senate, and University Paris II held a symposium on Information Technologies: Servitude or Freedom? I presented a paper titled The American Way of Privacy that was later published by the symposium sponsors in French under the title L’approche Américaine: la Régulation par le Congrès, le Marché et le Juge. My original English version is available here.

• Health Privacy Bibliography:  This bibliography is a bit old (2003), but it may identify a document, hearing, or article on health privacy that you didn't know about.  Available here.

• Privacy: Finding A Balanced Approach to Consumer Options:  This short paper I wrote in 2002 discusses consumer choice regarding secondary use of personal information and considers application of opt-in or opt-out rules for determining how personal information can be used and disclosed.   Available here.

• Fair Information Practices:  A classic statement of Fair Information Practices is reproduced here for reference and convenience. Fair Information Practices are core standards for the privacy of personal information and are based on American and international sources.

• The Privacy of Health Information and the Challenge for Data Protection (1997).  Eighth International Conference of the Observatory "Giordano Dell'Amore" on the Relations Between Law and Economics, Stresa, Italy (May 1997), available here.  In this paper, I introduce the "paradox of informed consent" for the disclosure of health records.  While it predates the HIPAA health privacy rule, the paper remains relevant to debates over the role of consent in health care disclosures. The paradox of informed consent shows the severe limits of controlling health information using patient consent.
