September 1, Washington, DC -- CDT will co-sponsor a roundtable discussion on a new federal consumer privacy bill, the Best Practices Act. Introduced by Rep. Bobby Rush, the bill is the most sophisticated effort yet to define privacy rights in personal data collected online and off. Does the bill adequately balance protection with flexibility? What impact would it have on current business practices and innovation? Is this the likely direction for government regulation? The roundtable will consider these and other questions.
The session is scheduled for 10:00 AM - 2:00 PM Eastern, 7:00 - 11:00 AM Pacific. In Washington, DC, it will be held at the offices of Hunton & Williams, 1900 K Street NW. In San Francisco, satellite video conferencing will be available at the offices of Hunton & Williams, suite 3700, 575 Market St.
With personal health information moving online, health privacy is one of CDT's major areas of research, advocacy and policy development. This week, Tech Policy Download examines two of the many rules on health privacy being considered by the Department of Health and Human Services as it struggles to update its regulations.
Harming Your Health Privacy
In 2009, Congress adopted a law requiring hospitals, insurance companies and others to notify patients when their health records are lost or stolen. However, when HHS issued a rule last year to implement this new "breach notification" law, it adopted a standard that gave record custodians too much discretion to decide that notice was not necessary. The rule said that notice had to be given only if the patients faced a significant risk of harm from the breach, and it left it solely up to the health care provider to assess the risk.
CDT and other privacy advocates argued that the harm standard was too subjective, especially in the context of health data. CDT has been pressing HHS for a more objective standard and one more sensitive to a wider range of harms. This week, the New York Times reported that the Administration was reconsidering its position; the article quotes Deven McGraw, director CDT's Health Privacy Project.
Do the Dead Have Privacy Rights?
On July 14, the Department of Health and Human Services (HHS) officially issued a major set of proposed revisions to federal rules on the privacy of health information, the security standards for electronic health data, and privacy enforcement. The purpose of the changes is to implement the federal HITECH Act adopted last year. Most of the proposed modifications are quite positive from a privacy perspective.
However, one item buried in the proposed rule would reverse years of policy by terminating privacy protections for health records of people after they have been dead for 50 years. CDT believes this particular change would be unwise. Even 50 years after someone dies, his health data could be misused to draw inferences about the genetics or predispositions of his descendants, with unpredictable and uncontrollable consequences.
Click to view this email in a browser
If you no longer wish to receive these emails, please reply to this message with "Unsubscribe" in the subject line or simply click on the following link: Unsubscribe
Center for Democracy & Technology
1634 I St.
Washington, District of Columbia 20006
Read the VerticalResponse marketing policy.