• *Zones of Privacy: Who can see and use your medical records?
• *The Elimination of Consent: How HIPAA evolved between its introduction in 1996 and the “Privacy Rule”
• *Evidence of Disclosure: The Sharing, Selling, Re-selling and Unauthorized Use of Our Personal Health Information
• “The Case for Consent: Why it is Critical to Honor What Patients Expect: for Health Care, Health IT and Privacy.” White Paper by Patient Privacy Rights
• Data on Demand: Two companies dominate the field of selling prescription information to insurance companies: Medpoint & Intelliscript
• People Who Will Be Hurt because their medical records are no longer private
• A Bouncing Baby Boy #2976-483: A comic from the Center for American Progress
• True Stories: A PDF of health privacy violations from the Health Privacy Project

• *Invasive Info: CNN’s Elizabeth Cohen shows how your medical records could be easily accessed.
• *EMR vendor (Perlegen) to share patient data with genetics research Firm
• *Peel on Perlegen
• *Taking Medical Records to the Bank: Journal of the American Health Information Management Association’s May 2008 Cover Story on Health Record Banks
• Anti-Discrimination Bill Inadvertently Legalizes Sharing of Genetic Information Without Patient Consent: from The Institute for Health Freedom by Sue Belvins
• Stay Out of My EMR: Patient Privacy Rights is featured in Healthcare Informatics
• To View older news articles, or to search articles by year or interest, please visit our News Stories Archive

• “The Case for Consent: Why it is Critical to Honor What Patients Expect: for Health Care, Health IT and Privacy.” by Patient Privacy Rights, August 2010
• Myths and Fallacies of “Personally Identifiable Information,” by Arvind Narayanan and Vitaly Shmatikov, Viewpoints, June 2010
• “Improve Privacy in Research by Eliminating Informed Consent? IOM Report Misses the Mark,” Journal of Law, Medicine, & Ethics, (2009): 507-512. Report by Mark A. Rothstein
• Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization, Paul Ohm, August 2009.
• HIMSS 2009 Security Survey : See how healthcare organizations are not so ready for privacy and security challenges.
• On Progress and Privacy: Protecting Patient Confidentiality in Electronic Medical Records, Cristy Dwyer, April 22, 2009.
  • See also the blog: Privacy, Security, Freedom in the 21st Century
• Data Hemorrhages in the Health-Care Sector, M. Eric Johnson, February 2009
• The 2008 Health Confidence Survey: Rising Costs Continue to Change the Way Americans Use the Health Care System – from Employee Benefit Research Institute (EBRI)
• Preserving The Right to Privacy Is Essential For Successful Health Care Reform, James C. Pyles, November 12, 2008
• GAO Report, June 2008 — Information Security: Federal Agency Efforts to Encrypt Sensitive Information Are Under Way, but Work Remains
• *HIPAA Enforcement Statistics — Report from Health and Human Services’ Office of Civil Rights
• GAO Report: 6/18/08 — Privacy: Congress Should Consider Alternatives for Strengthening Protection of Personally Identifiable Information
  • View the Hearing the U.S. Senate Committee on Homeland Security and Governmental Affairs had on this subject.
• GAO Report: 2/14/08 — HIT: HHS Is Pursuing Efforts to Advance Nationwide Implementation, but Has Not Yet Completed a National Strategy
• NCVHS Report: 12/07 — Recommending that Americans have no control over any “secondary” uses of PHI
• SACGHS Draft Report: 11/5/07 — Oversight of Genetic Testing
• Altarum Study: 1/5/07 –A Review of the Personal Health Record (PHR) Service Provider Market: Privacy and Security
• Radio Frequency ID Devices in Humans – a report focusing on the ethical issues in the use of RFID chips
• Health Research Data for the Real World: The MarketScan Databases, Thomson Medstat, January 2006
• Two Papers by Latanya Sweeney on De-Identifying and Re-Identifying Data
  • Strategies for De-Identifying Patient Data for Research, 1998-2005
  • How (Not) to Protect Genomic Data Privacy in a Distributed Network: Using Trail Re-identification to Evaluate and Design Privacy Protection Systems, April 2004
• Information Explosion, 2001 — Examination of the tremendous growth in information being collected on individuals, Latanya Sweeney, Ph.D.

• What Two Decades of Surveys Tell Us About Privacy and HIT Today, Presentation by Alan Westin, Keynote Address for Getting IT Right: Protecting Patient Privacy Rights in a Wired World, June 13, 2011
• Toward Segmentation, PowerPoint prepared by Lee Tien, Electronic Frontier Foundation, for Getting IT Right: Protecting Patient Privacy Rights in a Wired World, June 13, 2011
• SXSW 2010 Interactive Festival: Opening Remarks: Privacy & Publicity, Dana Boyd explains what privacy is and why it is important
• The Privacy Imperative on Health IT: Listen to Deborah Peel, MD as you view her keynote “View from the Top” slide presentation from the 2008 HIMSS Conference
• New RWJF Podcast Series Looks at the Power of Personal Health Records — Deborah C. Peel, MD speaks on the need for privacy in PHRs at the end of Part 1 of the Podcast.
• IOM Workshop Presentation by Alan Westin — February 28, 2008, Washington, DC”How the Public Sees Health Research and Privacy Issues”
• Dan Rather Reports: Charging Into a Recession — Interview with Deborah Peel on data banks and privacy. May 13, 2008
• Patient Privacy Rights Testifies Before Congress on Health IT Legislation
• More…

More Presentations..

More Interviews…

• Testimony of Peter Orszag before the Subcommittee on Health Committee on Ways & Means, U.S. House of Representatives: Evidence on the Costs and Benefits of Health Information Technology, July 24, 2008
• The ONC-Coordinated Federal Health IT Strategic Plan: 2008-2012, June 3, 2008
• HiMSS Matrix on HIT Legislation including sponsor(s), an overview, and a privacy and security summary
• The Scope of Liability for Violating HIPAA
• ‘TRUST’ Act, HR 5442 — “Technologies for Restoring Users’ Security and Trust in Health Information Act of 2008″ Introduced in the 110th Congress, 2nd Session. Has been referred to multiple committees.
• Summary of the ‘TRUST’ Act — Section by section.
• Health Insurance Portability and Accountability (HIPAA) Public Law 104-191 — August 21, 1996 –as passed by the 104th Congress
• Summary of the HIPAA Privacy Rule by Office for Civil Rights (HHS) from the Office For Civil Rights Summary of the HIPAA Privacy Brief April 11, 2003 – HIPAA Compliance Assistance
• State Security Breach Notification Laws involving personal information as of December 12, 2007
• Electronic Communications Privacy Act (ECPA), H.R. 4952
• Title 42, Chapter 1, Part 2 — Public Health Service, Department of HHS: Confidentiality of Alcohol and Drug Abuse Patient Records
• Testimony of Deborah C. Peel, April 16, 2002 — For the Senate HELP Committee Hearing on Medical Privacy
• Bartnicki et al. v. Vopper, aka Williams, et al. May 21, 2001 — Court case which states that stolen records can be published.

• Health Record Banking Alliance – Explanation of HRBs including a Narrated Description
• Health Privacy Project - Summaries of State Laws
• National Conference of State Legislatures – State Security Breach Notification Laws
• Citizens Against Medical Information Offshoring
• Attrition.org, datalossdb.org – Data concerning the loss or theft of personal information, some of which affect medical or health privacy
• PHIPrivacy.net – News on Breaches of PHI and commentary
• PogoWasRight.org – Privacy news, data breaches, and privacy related events and resources from around the world.
• EPIC – Electronic Privacy Information Center – Medical Privacy
• Privacy ‘08 – The eight main privacy issues from the 2008 election, Patient Privacy among them

• Much Ado About Data Ownership, by Barbara J. Evans, Harvard Journal of Law & Technology, Vol. 25 (forthcoming 2011)
• “The Case for Consent: Why it is Critical to Honor What Patients Expect: for Health Care, Health IT and Privacy.” White Paper by Patient Privacy Rights, August 2010
• Why opt-out is not good public policy, by William A. Yasnoff, MD, PhD, March 27, 2010
• What ‘Patient-Centered’ Should Mean: Confessions of An Extremist, by Donald M. Berwick, May 19, 2009
• Demand Your dotRIGHTS: A short video on how much information THEY have on YOU
• Myths, Facts and Law About Health IT and the Right to Health Information Privacy
• *Patient Privacy Toolkit: Forms, information, and ways to take action to protect your personal health information.
• *Examples of the Sale of Americans’ Personal Health Information
• Letter to Senators by the Mental Health Liaison Group — July 17, 2007 — alerting them on privacy and security concerns of individual health records during the development of national interoperable HIT.
• Technical Glossary of terms used in discussions of patient privacy, such as HIPAA, Privacy Rule, and “Covered Entity”
• True Stories of people whose medical privacy was violated.
• Letter from EPIC to Senator Markey discussing the “HITEC” draft bill
• Promoting Innovation and Competitiveness: President Bush’s Technology Agenda
  • Today the President announced an ambitious goal of assuring that most Americans have electronic health records within the next 10 years.
  • “These electronic health records will be designed to share information privately and securely among and between health care providers when authorized by the patient.”
• Definitions of Privacy – From privileged: privacy in law, ethics and genetic data