Privacy Digest

Technology's Toll on Privacy and Security: In-Depth Reports in Scientific American's Special Issue - Via Scientific American:

Computers, databases and networks have connected us like never before, but at what cost?

SciAm's issue on Privacy. Our jittery state since 9/11, coupled with the Internet revolution, is shifting the boundaries between public interest and "the right to be let alone"

A cold wind is blowing across the landscape of privacy. The twin imperatives of technological advancement and coun­terterrorism have led to dramatic and possibly irreversible changes in what people can expect to remain of private life. Nearly 10 years ago Scott McNealy of Sun Microsystems famously pronounced the death of privacy. “Get over it,” he said. Some people, primarily those younger than about 25, claim to have done just that, embracing its antithesis, total public disclosure. And of course in many cases—determining the whereabouts of a terrorist or the carrier of a disease—public interest has an overwhelming claim on information that is usually private.

Yet in many contexts—banking, commerce, diplomacy, medicine—private com­­munications are essential. The founding fa­­thers of the Republic put great stock in personal privacy; privacy is embodied (though, as we are often reminded, not stated) in the Bill of Rights. In her keynote essay Esther Dyson clarifies what “privacy” means by reminding us what it is not: several important issues commonly labeled dilemmas of privacy are better understood as issues of security, health policy, insurance or self-pre­sentation.  read more »

Prescription Data Used To Assess Consumersv - Via washingtonpost.com :

Health and life insurance companies have access to a powerful new tool for evaluating whether to cover individual consumers: a health "credit report" drawn from databases containing prescription drug records on more than 200 million Americans.

Collecting and analyzing personal health information in commercial databases is a fledgling industry, but one poised to take off as the nation enters the age of electronic medical records. While lawmakers debate how best to oversee the shift to computerized records, some insurers have already begun testing systems that tap into not only prescription drug information, but also data about patients held by clinical and pathological laboratories.

Traditionally, insurance companies have judged an applicant's risk by gathering medical records from physicians' offices. But the new tools offer the advantage of being "electronic, fast and cheap," said Mark Franzen, managing director of Milliman IntelliScript, which provides consumers' personal drug profiles to insurers.

The trend holds promise for improved health care and cost savings, but privacy and consumer advocates fear it is taking place largely outside the scrutiny of federal health regulators and lawmakers.  read more »

Consent No Cure For Health Info Privacy Issues - Via CDT - PolicyBeta:

An article in the Washington Post today reported on the use by health and life insurers of identifiable prescription drug records to make coverage decisions. This data is actually acquired by companies that act as data brokers or analysts on behalf of insurers, and individuals applying for insurance consent to having their prescription drug data gathered and used for this purpose. The article further notes that the gathering of this data will be even easier when this information is stored in electronic health records.  read more »

ACLU Urges Congress to Define Medical Privacy as Patient Control of Electronic Health Records - Via ACLU - Privacy:

PRO(TECH)T Act leaves electronic patient data vulnerable to theft and misuse

FOR IMMEDIATE RELEASE
Contact: 202-675-2312, media@dcaclu.org

Washington, DC – The American Civil Liberties Union today urges the House Energy and Commerce Committee to require patient control of medical records and compensation for privacy breaches to be a part of the standards set for converting to electronic patient records. The ACLU cautions that H.R. 6357, the “Protecting Records, Optimizing Treatment, and Easing Communication through Healthcare Technology Act of 2008” or the PRO(TECH)T Act, has insufficient privacy provisions and leaves patients vulnerable to bad, lost, stolen or misused data.

In addition, the ACLU urges the House Ways and Means Subcommittee on Health to consider how privacy protections will be built into new, high tech health systems as it hears testimony this Thursday. The subcommittee announced that protecting patient privacy and information security would be among the issues discussed at its July 24 hearing regarding health information technology. Other issues include potential costs and benefits, clinical capabilities and incentive effectiveness.

The following can be attributed to Timothy Sparapani, ACLU Senior Legislative Counsel:  read more »

CDT Policy Post: Privacy and Security Principles for Health Information Technology - Via Center for Democracy and Technology:

CDT issued a policy post today on the topic of Privacy and Security Principles for Health Information Technology. In the document, CDT emphasizes the importance of building privacy and security into e-health systems from the outset and identifies the basic requirements of a comprehensive privacy and security framework for health information technology. The document makes several suggestions for Congress to consider when crafting legislation; it also calls on federal lawmakers to build a comprehensive framework for e-health through the enactment of incremental, workable policy solutions.

CDT Policy Post 14.9 June 24, 2008

(Read Original Article - Via Center for Democracy and Technology.)

ACLU Urges Congress to Ensure Privacy of Electronic Health Records - Via ACLU - Privacy:

Americans worried medical secrets in new databases will be misused

FOR IMMEDIATE RELEASE
CONTACT: (202) 675-2312 or media@dcaclu.org

Washington, DC – Today, lawmakers will be making decisions about the future of patients’ medical privacy as legislation aimed at pushing the health care industry toward a conversion from paper to electronic health records is due for a vote by a House panel.

The American Civil Liberties Union urges the House Energy and Commerce Subcommittee on Health to amend Chairman John Dingell (D-MI) and Ranking Member Joe Barton’s (R-TX) “PRO(TECH)T Act of 2008” to protect and secure Americans’ intensely personal health information as it encourages the development of new record-keeping databases.  read more »

CDT Endorses Policy Framework for Consumer Health Record Services - Via Center for Democracy and Technology:

CDT has joined prominent health care providers, Internet companies, insurers, and other consumer advocates in endorsing a set of practices for new Internet services that allow individuals to access and maintain their personal health information. The framework, developed in a collaborative process organized by the Markle Foundation, recommends a detailed and comprehensive set of practices that can help protect the privacy and security of Personal Health Records (PHRs) and other services.

Connecting for Health Framework June 24, 2008 [off-site]

(Read Original Article - Via Center for Democracy and Technology.)

Slashdot | California Cracks Down On Genetic Testing - Via Slashdot :

genie-out-of-the-bottle writes "California's Department of Public Health has sent cease-and-desist notices to 13 companies that market genetic testing directly to consumers. (We discussed these services when they launched.) Allegedly, under state law, California residents must submit a doctor's order to have a genetic test run. It will be interesting to see if the government will actually succeed in putting the genetic genie back in the bottle, given that all you need for testing is a few drops of saliva. The effort closely resembles US government attempts to block export of strong encryption product back in 90s." --- A Wired editor has up an opinion piece arguing that his DNA is his business and none of the government's.

(Read Original Article - Via Slashdot .)

ACLU Urges Congress to Maximize Medical Privacy of Electronic Health Records - Via ACLU - Privacy:

Washington, DC—The American Civil Liberties Union urges the House Energy and Commerce Subcommittee on Health at today’s hearing to develop privacy and security standards at the same time the health care industry converts from paper to electronic patient records. The ACLU warns that without real patient controls and compensation for misused data, American medical records are extremely vulnerable to being lost or stolen from these systems.

“Right now, patient information is at risk of becoming a commodity that business can sell or trade,” said Timothy Sparapani, ACLU Senior Legislative Counsel. “Medical privacy should not become a casualty of the race to set up electronic health records. We need real patient control of data and damages for misuse or theft.  read more »

CDT Testimony Supports Draft Health Information Legislation - Via Center for Democracy and Technology:

CDT today testified before the House Health Subcommittee in support of draft legislation regarding health information technology and privacy. CDT supports the draft language because it takes critical steps toward the goal of a comprehensive privacy and security framework, and targets many of the key issues raised by the new e-health environment. CDT urged the Subcommittee to develop this framework by building on the HIPAA Privacy and Security Rules. CDT also recommended including strong protections for health information held, or managed on behalf of consumers, by employers and companies not part of the traditional health care system.

CDT Testimony before House Health Subcommittee [PDF] June 04, 2008

(Read Original Article - Via Center for Democracy and Technology.)

Keep your medical records out of thieves' hands - Via Dallas Morning News | News for Dallas, Texas | Dallas Business News:

When someone steals your identity, obtains loans in your name and then stiffs the lenders, the effects on your credit report can be devastating.

It can take weeks, months or sometimes years – as well as plenty of frustration – to restore your good name.

But there's another kind of identity theft that not only can ruin your financial health but also endanger your life: medical identity theft.

Medical ID theft occurs when a thief uses someone's personal information – such as health insurance information – without the individual's consent to obtain medical services or goods, or to make false claims for medical services or goods.

Getting stuck with the bill for a medical procedure you never had is bad enough, but medical identity theft also has far more serious implications.  read more »

Delving Into Google Health's Privacy Concerns - Via Slashdot: Your Rights Online:

SecureThroughObscure writes "Security researcher Robert 'RSnake' Hansen discusses numerous concerns with Google's new Google Health application, which aims to integrate user's medical records online. We discussed Google Health's opening to the public earlier this week. RSnake mentions that Google has found a loophole allowing them to provide this service without having to follow HIPAA regulations, which, combined with Google's track record of having numerous flaws leading to private information disclosure, draws serious concern. Security researcher Nate McFeters of ZDNet's Zero-Day Security Blog also commented on the article,  read more »

New Law Protects Employees from Health Related Discrimination - Via ACLU - Privacy:

Washington, DC – The ACLU today commended Congress and the president for enacting the Genetic Information Nondiscrimination Act (GINA), which will stem a growing tide of employer and health insurer bias.

“We are heartened that a dark cloud has been lifted by enactment of the Genetic Information Nondiscrimination Act.” said Caroline Fredrickson, director of the ACLU Washington Legislative Office. “GINA will enable Americans to use genetic tests to illuminate their health care decisions without fear of workplace retribution.”  read more »

Health Data Systems Need A Comprehensive Privacy and Security Framework - Via Center for Democracy and Technology:

CDT's Health Privacy Project today released a paper urging policymakers and the private sector to develop and implement a comprehensive privacy and security framework to govern the wide range of computer and Internet-based systems being created to share sensitive health information. The paper examines the key issues confronting the adoption of information technology in the health care field and offers suggestions on policies and business practices that will protect patient rights while facilitating the kinds of information sharing that can reduce costs and improve care.

(Read Original Article - Via Center for Democracy and Technology.)

Senate Votes to Prevent Genetic Discrimination in the Workplace - Via NewsHour with Jim Lehrer Podcast | PBS:

As research of preventative genetic testing increases, many fear the impact this information can have on employment and health-insurance practices -- leading the Senate to vote Thursday to ban genetic-based discrimination. An expert on genetics examines the issue.

(Read Original Article - Via NewsHour with Jim Lehrer Podcast | PBS.)

Congress Expected to Pass Health Privacy Protections - Via ACLU - Privacy:

ACLU Urges President to Sign 1st Civil Rights Bill of 21st Century

FOR IMMEDIATE RELEASE
Contact: (202) 675-2312 or media@dcaclu.org

WASHINGTON DC - After more than a decade of debates, hearings and votes, Congress is expected to pass legislation referred to as the first civil rights bill of the 21st century that is a critical step toward securing civil liberties in the emerging field of medical technology.

The ACLU urges President Bush to live by his words in support of health privacy protections and sign the Genetic Information Nondiscrimination Act of 2007 – known as GINA, into law.

GINA would provide a national framework to direct companies and states on how to protect information acquired by genetic tests and protect against genetic discrimination. It will also regulate appropriate use of such information so employers and health insurers do not misuse it in a discriminatory way.  read more »