Monday, February 26, 2007

Federal Health IT Advisor Quits Over Privacy

Though not a critical blow, the resignation of Paul Feldman is clearly an indication that the definition and integration of privacy policies in the coming national healthcare infrastructure are lacking.

Monday, February 12, 2007

FBI Losing Laptops... And Firearms?

CNN is reporting that the FBI has admitted to losing laptops with classified, as well as identifying, information. Now, there's no proof that the information in these laptops was, or can be, accessed by the culprits. However, the same cannot be said for the stolen firearms...

Department of Homeland Security and Biometric Data Sharing

From Government Computer News
The Department of Homeland Security (DHS) believes that governments and companies need to share biometric data internationally to assist in anti-terrorism. Privacy advocates and biometrics professionals are pushing back given the current state of privacy controls, policies, and lack of international oversight.

Unfortunately, this issue has played out in the ethical, as opposed to the technical (or better yet - a combination of the two), aspects. The DHS views this as a "We already have the technology to capture and share the information, so why shouldn't we?" Yet, a more helpful way to phrase the problem might be "How can we share biometric data to achieve surveillance and anti-terrorism goals without compromising the privacy of the majority of those whose data is surveilled?"

Thursday, February 8, 2007

Markle Follows up on GAO's Criticism of DHHS

The Markle Foundation wants privacy policies in place before technology decisions regarding the future of healthcare IT are set.

Wednesday, February 7, 2007

"Piracy" vs. "Privacy"

Two words. So different in meaning, and yet, people often make the semantic slip to substitute one for the other. It's amusing and an honest mistake. I know that I've done it before, but you might expect that the editor would catch the faux pas in the title of an article:

Apple Wants Anti-Privacy Technology to End at

By the way, I came across this because I subscribe to a privacy news filter through Google news. I guess it's serendipity.

Tuesday, February 6, 2007

GAO Concerned about Federal Health Information Privacy Protections

In a recent report, the General Accounting Office (GAO) criticized the Department of Health and Human Services (DHHS) for failing to have adequate privacy guidelines in place before issuing contracts to develop health information technologies.

The GAO commended DHHS for creating advising committees on privacy and security topics, as well as drafting contracts that explicitly require the recipients to address privacy issues. Yet, the GAO is concerned that it is unclear how privacy protections will be developed and administered.

Monday, February 5, 2007

License, Registration, DNA Sample Please

Most people detained by federal authorities will now have to submit their DNA to federal databases for forensic purposes. Sampling began today.

Blue Cross Sharing Claims and More to ...

Back in August, it was reported that Blue Cross Blue Shield (BCBS) will share claims and health information on 79+ million people with employers, drug companies, and other private and public organizations. A list of the BCBS providers can be found here.

In an interesting response, the head of the Patient Privacy Rights Foundation said "This move by the Blues reveals what Americans can expect from an electronic health system because they no longer have the right to control access to their medical records. Their sensitive health records will be used for corporate profits and in ways that can directly harm them."

But wait, let's think about this... did we ever have the right to control access to our medical records?

I agree that the unregulated disclosure of patient-specific information is potentially harmful to the enrollees of BCBS. Granted, until we know the control mechanisms that have been instituted by the BCBS administration, we can't determine the extent to which patients are being put in harm's way. If the appropriate safeguards are taken, then it is possible to share patient-specific data with probable patient protections. Anyone know the details of this endeavor?

Does Lax Privacy Violation Enforcement Make HIPAA Toothless?

(from Med-Privacy Mailing list)
In the three years since the enforcement provisions of the HIPAA Privacy Rule went into effect, more than 21,000 complaints alleging privacy violations have been filed with the Office for Civil Rights at HHS. Yet only 2 criminal cases have been filed and NO fines have been assessed in response to any of those complaints.

Congress’ intent in passing the HIPAA statute in 1996 was to create strong protections for patients' privacy. Yet ten years later, patients' most sensitive information is more exposed and vulnerable than ever before. Lax enforcement, inadequate penalty provisions and HHS amendments in 2002 turned HIPAA into an act that allows patients' most sensitive information to be shared without their permission and without penalty for improper use.

NYTimes: Health (and More) Information Access Holes

The New York Times ran an interesting story discussing breaches of confidentiality in electronic medical record systems. Worth a read.

"Dr. Craig Smith performed heart surgery on former President Bill Clinton two years ago at NewYork-Presbyterian Hospital. Computer hackers tried to get a peek at the famous patient’s electronic medical records."

Sure, prevent the hackers - but watch out for the insiders:

"The same hospital thwarted 1,500 unauthorized attempts by its own employees to look at the patient records of a famous local athlete"

NY 911 to Accept Cell Phone Images

In his state of the city address, New York City Mayor Michael Bloomberg said that the New York City 911 system will be upgraded to accept digital images from cell phones in addition to phone calls. So, everyone with a cell phone, click and send.

The system is being designed by the new company PowerPhone, and it will be used in more cities than just NYC.

I wonder what the data use and retention policies are going to be. What is 911 going to do with the images? What are they permitted, legally, to do with the images? Where are they going to be stored and for how long? It's a bit disconcerting when you think about it, especially considering that cell phone cameras are crossing the public-private divide. Take my picture with a public webcam, such as in Central Park, please. I'm in a public area and the expectation of privacy is low. But take my picture someplace else, such as... oh, ... say the comfort of my living room and there may be some concerns.

Genetic Privacy Law on the Horizon?

Once again, President Bush is pushing Congress to enact privacy protection for genetic information (You can read an excellent New York Times story if you have a subscription). This follows up on Dr. Francis Collins' comments on the need for genetic privacy.

Pretexting Ban in Cali, but not US

Pretexting - the act of gaining data under false pretenses. Bills have been proposed to ban pretexting in the US Congress and California. It passed in California, but we'll have to wait until Congress reconvenes to find out if the law will gain national standing.

To clarify, the "California antipretexting law" (Senate Bill 202) will kick in Jan 1 and will cover telephone records of California citizens. The law prohibits the release of an individual's phone records to anyone but the original caller.

Privacy Blog

After years of mixing news and research-related information with my personal blog, I will now be separating the two. This blog will be for all news related to privacy issues.