In comments to the Health and Human Services Department (HHS), EPIC opposed proposed changes to the HIPAA Privacy Rule reducing restrictions on disclosing patients’ Protected Health Information (PHI). HHS's proposed rule would expand the entities that can receive PHI without patient consent, lower the standard for disclosing PHI in the process of care coordination, and specifically authorized certain non-consensual disclosures of PHI for patients with mental illness and substance abuse disorders. EPIC argued that the modifications will expose patients to greater risk of data breach and increase barriers to receiving care for stigmatized populations without providing benefits to patients. Recently, EPIC Executive Director Alan Butler and Counsel Enid Zhou published a paper in the American University Law Review analyzing the increased collection of health data during the Covid-19 pandemic.
The White House has launched AI.gov, the new website of the National Artificial Intelligence Initiative Office featuring reports, policy priorities, and news about artificial intelligence from across the federal government. The site lists "Advancing Trustworthy AI" and "International Cooperation" as two of six top priorities for federal AI policy, embracing the Organization for Economic Cooperation and Development AI Principles and the G20 AI Principles. EPIC has urged both the White House and Congress to prioritize human rights over AI adoption and has recommended the OECD Principles and the Universal Guidelines for Artificial Intelligence as baseline frameworks for regulating AI and mitigating algorithmic harms. EPIC has also fought for transparency in AI policymaking, successfully suing the National Security Commission on Artificial Intelligence to enforce its public records and open meetings obligations.
Through a Freedom of Information Act request to the Department of Homeland Security, EPIC obtained records circulated in a 2018 election security meeting with members of the U.S. House of Representatives. On May 22, 2018, then-DHS Secretary Kirstjen Nielsen, then-Federal Bureau of Investigation Director Christopher Wray, and then-Director of National Intelligence Dan Coats held a classified briefing for members of Congress informing them of the risks to the election process and steps the administration was taking to assist state officials in ensuring election security. The briefing materials include charts on election infrastructure cyber risk scenarios and cybersecurity considerations, as well as compiled anecdotes of the DHS's engagement with state election security officials. These anecdotes highlighted how states have taken efforts to strengthen their election systems for the 2018 mid-term elections, including some states taking up the voluntary election security resources from DHS. EPIC sued the DHS for records about the agency’s assessment of election vulnerabilities following the 2016 presidential election and its ongoing role in protecting election systems as critical infrastructure. The agency released hundreds of pages of records to EPIC about its role in election cybersecurity, with records revealing the agency's rocky initial involvement in election security following its 2017 designation of election infrastructure as critical infrastructure and how far the agency has come since then. The case is EPIC v. DHS, 17-2047 (D.D.C.).
