Paul Hardwick: HIPAA

Administrivia: Possible unscheduled upgrade of Privacy Digest

Sun, 18 Mar 2007 01:39:04 GMT

Administrivia: Possible unscheduled upgrade of Privacy Digest.

I might be implementing an unscheduled upgrade of the site due to some problems with the software I am currently using to run the site. I had been working on upgrading the software to implement some new features but may have to implement sooner than originally planned. If you would like to take a peek at the planned software take a visit to http://www.PrivacyDigest.com/index.php Yes the full URL will have to be entered until I have completed the switch over.

There may be some hiccups during the process as the XML/RSS location will change along with access to the sub-topics. I plan to create mod-rewrite rules to take of this but they may not all be ready on day one.

Please let me know what you think.

Dispute surfaces over certification for personal health records

Wed, 14 Mar 2007 19:51:04 GMT

n a rare instance of public dissent, an American Health Information Community AHIC) workgroup has split over whether to recommend that product certification be available for personal health record software.

AHIC, a high-level advisory committee to the Department of Health and Human Services, sided with the majority on its Consumer Empowerment Workgroup and voted unanimously in favor of the certification recommendation.

A minority -- five members of the 23-person workgroup -- took the position that certification would be premature and the top priority should be privacy and security policies for PHRs. "The risks [of certification now] outweigh any potential benefits," the dissenters said in a letter to AHIC.

The workgroup's task is to foster widespread adoption of PHRs. One of its leaders, Dr. Rose Marie Robertson, told AHIC that the group believes PHRs will be more widely used if consumers do not have to sit at a computer and enter all their health information. Instead, the PHRs could be populated by data from doctors, health plans, drug stores, or elsewhere.

Medical data on Blue Cross members may be lost | CNET News.com

Wed, 14 Mar 2007 19:45:41 GMT

WellPoint, one of the nation's largest health insurers, has begun notifying 75,000 members of its Empire Blue Cross and Blue Shield unit in New York that a CD holding their vital medical and other personal information has disappeared.

The information was on an unencrypted disc that a subcontractor recently sent to Magellan Behavioral Services, a company in Avon, Conn., that specializes in monitoring and coordinating mental health and substance abuse treatments for insurance companies.

Empire began notifying the affected consumers by mail on Saturday that their records--including their names, Social Security numbers, health plan identification numbers and description of medical services back to 2003--had been lost.

[...]

Before shipping the information to Magellan, the coding and passwords that protect the privacy of the information was removed by a Magellan subcontractor, Lisa Ann Greiner, an Empire spokeswoman, said Tuesday.

Janlori Goldman, the director of the Health Privacy Center, a nonprofit organization in Washington, said the error was an "egregious breach of privacy." She said that insurance companies were responsible under a federal privacy law for ensuring that their contractors use adequate security procedures.

Greiner said that the subcontractor, Health Data Management Services, worked for Magellan, not Empire. "If any contract was breached, we are going to take direct action," she said.

Pine Bluff - Scaled-back version of drug database passes Senate

Fri, 09 Mar 2007 16:33:58 GMT

LITTLE ROCK - Scaling back the scope of a statewide database to monitor some prescription drug purchases gained Senate approval of the measure Thursday. The bill's sponsor said the amendments were intended to address concerns about patient privacy.

[...]

By a 20-7 vote, the Senate approved a bill by Sen. Denny Altes, R-Fort Smith, that would allow the state Board of Pharmacy to establish standards for setting up the database on drug purchases. The database would track schedule II and schedule III narcotics, such as morphine or OxyContin.

"I think we've amended this about six times now," Altes said before the vote. "I think these changes should address all the concerns that were raised."

Altes originally called for a database to track virtually all prescription drug purchases in the state. The measure passed by the Senate allows the Board of Pharmacy to set the criteria for the information to be tracked by the database.

Sen. Jim Argue, D-Little Rock, said he still believed the database could be subject to abuse and could harm the privacy of some patients.

"There is no evidence that a database like this works, but there is evidence that databases like this could be violated," Argue said.

Patient control of EHR data on network gets mixed reaction

Wed, 07 Mar 2007 15:56:32 GMT

The Health and Human Services Department has received mixed reviews for its decision to insist that the next iteration of the Nationwide Health Information Network (NHIN) allow patients to control who sees their electronic health records on the network.

Dr. Robert Kolodner, interim national coordinator of health information technology, said March 1 that trial networks funded by his office should give "people the capability to decide how they view, store and control access to their own information. A person could say how that information flows to specific entities or completely block the flow of information."

"If they do what they say, it's a tremendous thing for privacy," said Dr. Deborah Peel, founder of the Patient Privacy Rights Foundation. "It's exactly what we've been talking about for a long time."

Peel said she talked with Kolodner and learned that he wants to give patients the ability to control what happens to their health information, "down to the data field level." "I think his intentions are fantastic," she said.

Asked whether such a network would be technically feasible, Peel said the existing technology would support that degree of granularity in controlling the flow of EHR data.

But Mark Rothstein, director of the Institute for Bioethics, Health Policy and Law at the University of Louisville School of Medicine, said he doubts the HHS move will make a difference. "I don't really have a lot of confidence that it would really have any effect whatsoever," said Rothstein, a member of the official National Committee on Vital and Health Statistics.

The reason Rothstein was less than enthusiastic about the HHS move: Privacy problems are primarily policy and legal issues in his view, not technology-based. Rothstein recently testified before a Senate subcommittee, criticizing HHS for failing to tackle privacy and other policy issues associated with development of the NHIN. Kolodner's announcement doesn't address many of the policy questions, he said.

Kolodner's office "has indicated no prior interest in this concept," Rothstein said, suggesting that there is no way to know how committed HHS is to its plans. Others have pointed out it is one of the first HHS health IT initiatives that deviates from plans outlined by Kolodner's predecessor, Dr. David Brailer.

Breach of Personal Information at Calif. Dept. of Health Service Handled Quickly.

Sun, 04 Mar 2007 03:40:00 GMT

Breach of Personal Information at Calif. Dept. of Health Service Handled Quickly. "We are taking steps to notify you of this, consistent with our policy, and with the sensitivity around all HIV related issues." [GT: Security and Privacy]

DOD, Microsoft sign deal to data mine health records

Thu, 01 Mar 2007 23:46:58 GMT

The Defense Department has signed an agreement with Microsoft under which the software vendor will help develop tools and methods for analyzing the department's 9.1 million electronic patient records to find better ways to manage the health of DOD beneficiaries.

Under the cooperative research and development agreement, Microsoft will work with the Army's Telemedicine and Advanced Technology Research Center to extract, store and analyze data stored in DOD's Armed Forces Health Longitudinal Technology Application (AHLTA) electronic health record system.

The AHLTA clinical data repository (CDR) is "an untapped goldmine of health information, and the ability to draw upon and efficiently use this data will allow us to unleash the true power of AHLTA," said Dr. William Winkenwerder Jr., assistant secretary of Defense for health affairs. "This project has the potential to vastly improve our ability to provide both force health protection and population health improvement activities for every soldier, sailor, airman and Marine."

Microsoft and the Army center aim to develop a clinical data warehouse (CDW) that provides predefined queries of interest to clinicians and analysts. The warehouse also will support data mining, which uses clustering and pattern recognition techniques to discover previously unknown correlations in the data. Intel and HP are providing support on security, sizing, and scalability testing of the CDW architecture, Microsoft said.

Dr. Deborah Peel, chairwoman of the Patient Privacy Rights Foundation, views the patient information not as a goldmine ripe for exploitation but as a collection of personal and sensitive health information that needs to be zealously guarded and only accessed with express consent by the patient.

U.S. Bill Proposes E-Health Records Incentives.

Thu, 01 Mar 2007 23:19:07 GMT

U.S. Bill Proposes E-Health Records Incentives. Doctors would get $3 for every patient signed up to use an electronic health record under terms of a new House bill introduced today. [PC World: Latest Technology News]

Administrivia: Now we have a overheated CPU ( 60 degrees centigrade )

Tue, 27 Feb 2007 23:39:01 GMT

OK, if the DDOS attack wasn't enough. Now our server went down with a temperature overload. We were up to 60 degrees centigrade when we shut down. The CPU and a broken fan have been replaced.

Administrivia: Our data-center was hit by a DDOS attack today.

Tue, 27 Feb 2007 21:19:59 GMT

Sorry for being either very slow or off the net for a while recently. The data-center we are part of was hit by a DDOS (Distributed Denial Of Service) attack recently. At the moment it looks to be under control, but we are keeping an eye on things.

Federal health IT advisory group member quits, cites privacy concerns.

Mon, 26 Feb 2007 23:13:12 GMT

Federal health IT advisory group member quits, cites privacy concerns. Paul Feldman, a member of the committee that will offer recommendations to the U.S. government on the formation of a nationwide health information network (NHIN) has resigned. [Computerworld Privacy News]

AHIC privacy co-chairman resigns in protest

Mon, 26 Feb 2007 23:10:39 GMT

Paul Feldman resigned on Feb. 21 as co-chairman of the American Health Information Community's Confidentiality, Privacy and Security (CPS) Workgroup, citing in a letter to Interim National Coordinator for Health Information Technology Robert Kolodner the panel's lack of "substantial progress toward the development of comprehensive privacy and security policies that must be at the core of a nationwide health information network."

Data Breach Hits Close to Home.

Fri, 23 Feb 2007 15:54:10 GMT

Data Breach Hits Close to Home.

I took some time off work last fall to spend with my wife, who had just been diagnosed with a golf-ball-sized tumor in her brain that needed to be removed. With the help of a few well-connected friends, we were privileged to have her seen by one of the top neurosurgeons in the world, a surgical ninja at The Johns Hopkins Hospital in Baltimore.

The surgery was a great success, and the wife is just fine now. She carries nary a lingering symptom, visible scar or traumatic memory from the ordeal, save perhaps for the seemingly endless stream of bills and letters from our health insurance provider.

That is, until last week, when she returned from the mailbox with a letter from the hospital alerting us that she was among some 83,000 Hopkins patients whose hospital records may have been compromised on account of a lost backup tape.

According the letter, the lost tape contained data on new patients seen between July 4 and Dec. 18, 2006, or who had changes to their demographic information during that time. Among the data stored on the tape was the patient's name, mother's maiden name, father's name, race, sex, birth and medical record number. However, Hopkins was emphatic that there was no medical or Social Security data on the tapes.

I must have read the letter three times in all, and at first I was pretty alarmed. But looking back now, I must say I don't think I've ever read a more thorough breach notification. The letter explained in detail what they thought happened to the backup tape and listed a number of reasons why Hopkins believed the risk to patient privacy was low in this case (many other medical data breach notifications I've read ask you simply to accept their pat answer that there is little chance of the data being misused). The hospital created a very informative Web site for affected patients, and listed a toll-free number for people who don't have Internet access.

[Security Fix]

Tapping Brains for Future Crimes.

Fri, 16 Feb 2007 01:06:25 GMT

Tapping Brains for Future Crimes. A breakthrough in computer-assisted mind reading brings us closer to predicting criminality. Should the justice system adapt? Commentary by Jennifer Granick. [Wired News: Security Blanket]

Second Maryland hospital in a week discloses breach.

Fri, 16 Feb 2007 00:44:34 GMT

Second Maryland hospital in a week discloses breach. St. Mary's Hospital in Leonardtown, Md., has become the second hospital in the state in the last week to disclose a potential compromise of patients' personal data. [Computerworld Privacy News]

Electronic Medical Records Sound Good, Privacy an Issue, Says Survey.

Mon, 12 Feb 2007 17:36:18 GMT

Electronic Medical Records Sound Good, Privacy an Issue, Says Survey. "Personal medical records have always been rated as highly sensitive by the American public." [GT: Security and Privacy]

Johns Hopkins loses 135,000 worker, patient records.

Mon, 12 Feb 2007 17:34:26 GMT

Johns Hopkins loses 135,000 worker, patient records. Computer backup tapes with payroll data on 52,000 Johns Hopkins workers and medical information on 83,000 patients were lost last month, the university and hospital announced yesterday. [Computerworld Privacy News]

Baylor Health network starts linking patient data.

Mon, 12 Feb 2007 02:07:09 GMT

Baylor Health network starts linking patient data. Baylor Health Care System has completed the first phase of an e-health project -- using integration tools to consolidate registration records at the hospitals in its network. [Computerworld Data Mining News]

Senator, witnesses say health IT office is dropping ball on privacy

Mon, 05 Feb 2007 19:23:12 GMT

"I fear that HHS is not acting fast enough" to build privacy and security into the emerging Nationwide Health Information Network, Akaka said.

The senator's position was bolstered by testimony from Mark Rothstein, director of the Institute for Bioethics, Health Policy and Law at the University of Louisville School of Medicine in Louisville, Kentucky. In Kolodner's office, "the focus on privacy is currently lagging behind" work on technical issues such as network architectures, Rothstein testified.

And Carol Diamond, managing director of the Markle Foundation's health programs, said privacy and security policies should be finalized before technology is developed.

"If technology is developed in advance of, or in the absence of, the relevant policy framework, our nation runs the risk of inappropriate uses of personal information followed by a public clamor for hasty remedies," Diamond said. "In those circumstances, we may find ourselves retrofitting complex technologies at great costs....This unnecessary cycle will undermine the sustainability of a health information sharing network."

VA data missing again.

Mon, 05 Feb 2007 19:08:16 GMT

VA data missing again. The Department of Veterans Affairs is again the victim of data loss. A VA-owned, portable hard drive potentially containing personal information on an unknown number of veterans has been reported missing from a VA facility in Alabama.

The VA announced Feb. 2 that a department employee at a medical facility in Birmingham, Ala., reported that the hard drive may have been stolen.

In May 2006, a laptop computer and external hard drive containing personal data on about 26.5 million veterans and their families were stolen from the home of a VA employee in suburban Maryland.

The laptop and hard drive were recovered a month later, and FBI officials said the data most likely had not been compromised. But the theft became a department scandal because several high-ranking VA officials failed to deal with the loss expeditiously.

[FCW: Privacy]

GAO questions HHS efforts to secure electronic health records.

Mon, 05 Feb 2007 19:03:33 GMT

GAO questions HHS efforts to secure electronic health records. The Government Accountability Office is calling on the Department of Health and Human Services to come up with a plan to protect the security of health data exchanged electronically. HHS said it's already doing so. [Computerworld Privacy News]

US Set on Expansion of Security DNA Collection.

Mon, 05 Feb 2007 18:28:59 GMT

US Set on Expansion of Security DNA Collection. An anonymous reader dropped us a link to this New York Times article about a 'vast expansion' of DNA sampling here in the US. A little-noticed rider to the January 2006 renewal of the 'Violence Against Women Act' allows government agencies to collect DNA samples from any individual arrested by federal authorities, and from every illegal immigrant held for any length of time by US agents. The goal is to make DNA collection as routine a part of detainment as fingerprinting and photography. Privacy experts and immigrant rights groups are decrying this initiative already. Many are also skeptical of lab throughput, as FBI analysts indicate this may increase intake by as much as a million samples per year. There is already a backlog of 150,000 samples waiting to be entered into the agency's database. [Slashdot: Your Rights Online]

My health records? Let me check my cell.

Fri, 02 Feb 2007 05:30:05 GMT

My health records? Let me check my cell. Blue Cross of Northeastern Pennsylvania plans next month to allow its 600,000 members to access their health records on cell phones or handheld devices. [Computerworld Privacy News]

Anger over EC medical data-sharing scheme - ZDNet UK

Sat, 27 Jan 2007 19:40:51 GMT

The European Commission is about to call for proposals on how patients' medical details would be shared between its member states, with the UK almost certain to be included in the scheme.

Within the next few days, an initiative called the Competitiveness and Innovation Framework Programme (CIP) will be adopted as part of Framework 7, a massive drive by the EU to fund research and development, with e-health being a major beneficiary.

One requirement of the CIP will be to establish interoperability between member states' healthcare IT systems, such as the NHS' so-called "Spine", which is the new UK database of patient care records.

This aim was outlined in a document published in September last year, entitled Connected Health: Quality and Safety for European Citizens. In this document, the Commission's ICT for Health unit called for interoperability between nations' healthcare systems, arguing that "health, social care and other providers must no longer work in isolation, but need to collaborate as a team, if necessary beyond their national and linguistic borders".

On Wednesday, Paul Timmers, the head of the Commission's eGovernment unit, told a London telehealth symposium that work was already underway on "interoperable platforms that can work... across borders".

Dr Gerard Comyn, head of the ICT for Health unit, confirmed on Thursday that the idea will shortly enter the "proposals stage", part of the competitive bidding process. This will be followed by a large-scale pilot involving six member states. According to those close to the plans, the UK is certain to be one. The pilot stage will take about three years to become operational and "real scale operations" should be in place by 2012.

Anger Over EU Medical Data-Sharing.

Sat, 27 Jan 2007 19:36:14 GMT

Anger Over EU Medical Data-Sharing. ukhackster writes "A row is brewing in Europe over plans to make medical records available across the EU. The scheme calls for interoperability between health systems in 22 different countries. Experts are predicting that security problems could expose confidential patient records, with one calling the affair 'a colossal waste of money and energy.' This 'e-Health' initiative reflects similar projects in the United States, and raises many of the same issues discussed here. The article makes it clear that many important issues, such as security, privacy, and the rights of patients, are still up in the air as the project moves forward. Could this be another huge IT project disaster on the horizon?" [Slashdot: Your Rights Online]

Trial begins soon on N.H.'s prescription privacy law - Boston.com

Mon, 22 Jan 2007 23:53:46 GMT

CONCORD, N.H. --A new state law barring data mining companies from getting information about individual doctors' drug prescribing habits will go on trial next week in federal court.The law, which took effect last June, made New Hampshire the first state to try to block drug manufacturers' hard-sell tactics by restricting access to data that identifies individual doctors.

The law is supposed to prevent drug company sales representatives from learning which doctors favor brand name drugs or generics, and which are more willing to try new drugs.

Bulk data including prescribers' zip codes, location and medical specialties may be released under the law, and the information also may be used for care management, clinical trials or education.

Two companies that collect, analyze and sell such information sued the state days after the law took effect, arguing it violates the U.S. Constitution by impeding free speech in the "marketplace of ideas."

New Hampshire represents fewer than 1 percent of prescriptions written nationwide. But IMS Health Inc. and Verispan LLC fear other states could follow suit, harming access to valuable information.

IMS Health executive Randolph Frankel said such data, used for detailed profiles of doctors and hospitals, can help consumers make better choices and can better inform public health decisions.

The Seattle Times: Local News: State to share data on some Medicaid patients

Thu, 18 Jan 2007 20:19:51 GMT

YAKIMA -- In an effort to curb abuse of prescription narcotics, the state will begin sharing medical information about certain low-income clients with doctors and others who treat them.

In the Yakima pilot program, state Medicaid officials will identify clients with a chemical dependency and send pharmacy, inpatient and emergency-room information to all medical professionals who have treated them in the past 12 months.

"My major intention as chief medical officer is to do this for safety reasons," said Dr. Jeffery Thompson, of the state Department of Social and Health Services, which oversees Medicaid.

Blair denies plans for super database - Computing

Wed, 17 Jan 2007 17:41:39 GMT

Prime Minister Tony Bair has denied that government plans to make more intelligent use of information held by departments will create a Big Brother 'super database' that poses a threat to privacy and civil liberties.

Plans to share information across Whitehall are 'perfectly sensible' and opposition to them is based on a misrepresentation of what is proposed, claims the PM.

No new database is being planned and the row 'is a very good example of how a perfectly sensible thing can be misconstrued', he said at a Downing Street seminar this week.

The prime minister's comments follow the launch this week of a public consultation on improvment of public services which includes questions about government departments and agencies sharing citizen data.

The proposals follow Cabinet Office ministerial committee recommendations in August that datasharing practices switch from the basis that information may not be shared, to the assumption that it can be unless it is specified otherwise.

Kansas: Concern Over Abortion Records - New York Times

Wed, 10 Jan 2007 19:23:34 GMT

The state attorney general, Paul Morrison, left, said he was concerned that patient records his predecessor gathered in a failed effort to prosecute an abortion doctor might have been copied, making them insecure. The former attorney general, Phill Kline, had appointed a special prosecutor to handle the case against the doctor, George Tiller. Mr. Morrison said he planned to fire the prosecutor, Don McKinney, who in the past has protested outside Dr. Tiller's clinic. But he said Mr. Kline had already given Mr. McKinney partial records on about 90 clinic patients. Mr. McKinney did not return a call seeking comment.

Computer theft may have exposed patient data across five states.

Wed, 10 Jan 2007 02:13:12 GMT

Computer theft may have exposed patient data across five states. A computer stolen from the office of Cincinnati-based Electronic Registry Systems has exposed sensitive health care data belonging to tens of thousands of patients in five health care firms. [Computerworld Privacy News]

Medical identity theft can kill you (Page 1 of 3)

Wed, 10 Jan 2007 02:10:45 GMT

Financial identity theft might wound your wallet, but medical identity theft can kill you.

Medical identity theft occurs when criminals obtain information such as a health insurance identification or Social Security number and use it to get health care or to obtain reimbursement from insurers and others for false claims. That means your medical history and health care records can include someone else's information. This can be life threatening: for example, causing a transfusion of the wrong blood type.

"People can die from this crime," says Pam Dixon, executive director of the World Privacy Forum, a privacy rights group. "It is a potentially huge issue. It's an incredibly intransigent problem and victims are finding that they have to sue health care providers to have their records corrected."

As paper-based, medical-record-keeping systems evolve toward electronically based interconnected systems, the potential for catastrophic errors is on the rise.

Hospitals and insurance companies face enormous expenses when it comes to medical identity theft, as they are forced to write-off charges incurred by the thieves. But its victims find that the financial aspects of this type of identity theft are the easiest to deal with -- it's the potential medical consequences that are much tougher to correct.

Because health privacy and access laws lag behind credit access and reporting laws, victims frequently have little recourse to correct errors in their reports, and even when corrected, errors are apt to pop up again years later. Often victims are unaware for years that their medical identities have been stolen, according to the World Privacy Forum.

Health care providers, concerned about possible liabilities, are reluctant to correct errors in medical records and in some cases inform victims that the identity of the thief is protected under federal privacy laws so the victim can't even view the part of their records that is wrong.

Aetna to offer patients access to online data.

Wed, 10 Jan 2007 02:05:37 GMT

Aetna to offer patients access to online data. Aetna next month plans to begin rolling out the Aetna Care Engine Powered Personal Health Record to its members, giving them online access to their health records. [Computerworld Privacy News]

Computers, Freedom and Privacy - Montreal, May 1-4 2007

Thu, 28 Dec 2006 23:41:06 GMT

Come to CFP2007 in Montreal, May 1-4 2007. There's a lot at stake.

Computers, Freedom and Privacy 2007 - Call For Proposals

Thu, 28 Dec 2006 23:37:58 GMT

Call For Proposals - The deadline for proposals is January 20, 2006

The Program Committee of the Seventeenth Conference on Computers, Freedom, and Privacy (CFP2007) seeks your proposals for innovative conference sessions and speakers.

DoH sticks to 'opt out' for patient e-records.

Wed, 20 Dec 2006 01:48:51 GMT

DoH sticks to 'opt out' for patient e-records.

Patients have a 'realistic' period to opt out

The Department of Health (DoH) has stuck by the "implied consent" model for the central collection of electronic patient records in England, but will provide support for those who want to opt out

[The Register - Internet and Law: Digital Rights/Digital Wrongs]

Home Office bumps up innocents on DNA Database.

Mon, 18 Dec 2006 19:16:22 GMT

Home Office bumps up innocents on DNA Database.

Eight times figure previously announced

Less than two thirds of people whose profile is stored on the National DNA Database are there for having been cautioned or convicted of a criminal offence, Home Office figures have revealed.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]

FOXNews.com - Report Finds Pharmacies Lax With Patient Records, Privacy - Health News | Current Health News | Medical News

Fri, 01 Dec 2006 20:09:36 GMT

PROVIDENCE, R.I. -- The nation's largest drugstore chains say they are working to better protect patient privacy after an investigative TV report turned up sensitive information about hundreds of customers in trash bins in cities around the country.

Indianapolis TV station WTHR inspected nearly 300 trash bins and found nearly 2,400 patient records, including pill bottles, customer refill lists and prescription labels. Most of the bins belonged to Walgreens Co., CVS Corp. or Rite Aid Corp. The inspections were done in more than a dozen cities ranging from Boston to Louisville, Ky., to Phoenix.

CfH report confirms confidentiality risk.

Mon, 27 Nov 2006 17:34:52 GMT

CfH report confirms confidentiality risk.

Keeping mum on care records

Plans to upload medical records onto a central database - the so-called spine - will put patient confidentiality at risk, Connecting for Health (CfH) has been told by its own consultants.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]

Care Records conference opens and closes debate.

Mon, 27 Nov 2006 16:24:50 GMT

Care Records conference opens and closes debate.

Questions, questions, questions

The third annual Care Record Development Board get-together got underway yesterday (Thursday), bringing together "key stakeholders" in the government's proposed digitising of the UK's medical records.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]

Work begins on merging Health and Social care records.

Mon, 27 Nov 2006 16:23:16 GMT

Work begins on merging Health and Social care records.

Floating ideas at the CRDB

Work has begun on a social care equivalent of the care records guarantee for medical records, paving the way for merging health and social care records. The plans were disclosed as part of a debate at the annual Care Records Development Board meeting in London, yesterday.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]

O'Reilly Has Details of Kansas Abortions

Wed, 15 Nov 2006 05:36:51 GMT

An abortion doctor plans to ask for an investigation of the state attorney general and Bill O'Reilly over comments by the Fox television host that he got information from Kansas abortion records, the doctor's attorneys said Saturday.

Dr. George Tiller said he will ask the Kansas Supreme Court on Monday to appoint a special prosecutor to investigate and take possession of the records of 90 patients from two clinics.

Attorney General Phill Kline obtained the records recently after a two-year battle that prompted privacy concerns. He has said he sought the records to review them for evidence of possible crimes including rape and illegal abortions.

During a Friday night broadcast of 'The O'Reilly Factor,' the conservative host said a 'source inside' told the show that Tiller performs late-term abortions when a patient is depressed, which O'Reilly deemed 'executing babies.'

O'Reilly also said his show has evidence that Tiller's clinic and another unnamed clinic have broken Kansas law by failing to report potential rapes with victims ages 10 to 15.

A spokeswoman for Kline, who received redacted copies of the records Oct. 24, said Saturday he doesn't know how O'Reilly obtained the information.

'We don't know anything about Mr. O'Reilly's inside source,' spokeswoman Sherriene Jones said. 'I assumed he was talking about somebody on the inside of the abortion clinics.'

Patients can't stop medical records upload.

Fri, 10 Nov 2006 01:56:41 GMT

Patients can't stop medical records upload.

Privacy not a medical necessity in UK

Up to 50 million health records will be placed on Britain's new NHS IT system with or without patients' consent, a report has claimed. The Guardian newspaper said that patients will not be allowed to object to information being loaded on to the system.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]

UK promises care record 'opt-out' - again.

Sun, 29 Oct 2006 03:49:07 GMT

UK promises care record 'opt-out' - again.

Doctors will explain it to patients

UK health minister Lord Warner has outlined how people will be able to "opt-out" of having their NHS medical records shared on a national database.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]

Health care privacy law: All bark, no bite? - The Red Tape Chronicles - MSNBC.com

Fri, 27 Oct 2006 01:57:32 GMT

Two years ago, when Bill Clinton had heart surgery performed in New York's Columbia Presbyterian Medical Center, 17 hospital employees -- including a doctor -- peeked at the former president's health care records out of curiosity. Earlier this year, Boston-based Brigham and Women's Hospital repeatedly faxed patient admission sheets to a nearby bank by accident. The faxing continued even after bank employees warned the hospital. In Hawaii, Wilcox Memorial Hospital lost a thumb drive containing personal information on every one of its 120,000 current and former patients.

None of the institutions involved in these incidents has been fined under the highly touted medical privacy law, known as HIPAA (Health Insurance Portability and Accountability Act).

In fact, there have been 22,664 HIPAA privacy-related complaints filed since the privacy rule took effect in 2004, and not a single institution has been fined for privacy lapses, according to the Department of Health and Human Services, which enforces HIPPA. It's not clear that any of the three incidents above generated HIPAA privacy complaints, so the total number of privacy-related incidents is no doubt higher.

Health privacy advocates are crying foul. One even calls HIPAA a "charade."

"It's a huge charade imposed on the public at great expense," said Twila Brase, president of the Citizens' Council on Health Care, a Minnesota patient-rights group. "The real scandal ... is that they called it a privacy rule."

The New Threat: Attackers That Target Healthcare Organizations.

Thu, 26 Oct 2006 03:09:28 GMT

The New Threat: Attackers That Target Healthcare Organizations. Third Brigade submits this white paper on the new threats that face medical facilities. By Third Brigade. [Infosec Writers Latest Security Papers]

E-Health Gaffe Exposes Hospital.

Wed, 11 Oct 2006 21:48:42 GMT

E-Health Gaffe Exposes Hospital. An Indiana computer consultant finds a password hard-coded into a popular medical office application, and that leads to patient data from a hospital in Washington, D.C. By Kevin Poulsen. [Wired News: Security Blanket]

Medical privacy case rejected

Wed, 11 Oct 2006 02:04:21 GMT

WASHINGTON -- The Supreme Court on Monday rejected a lawsuit by privacy advocates who say the Bush administration's rules for disclosing medical records are too lax.

Ten groups representing 750,000 consumers, medical practitioners and their patients challenged a federal rule that encourages development of an information system for electronic transfer of health data.

An initial proposal would have required health-care providers to obtain patients' consent before disclosing health information. That approach prompted complaints from professionals in the health care sector, who said it would significantly impair the industry's ability to provide timely and efficient medical services.

The final rule put in place in 2003 leaves it up to health-care providers whether to seek patients' consent to use or disclose information for routine uses. The rule requires that disclosure must be limited to the "minimum necessary" information to accomplish the intended purpose. It also allows states to have more stringent standards if they wish.

In a decision the privacy advocates had sought to reverse, the 3rd U.S. Circuit Court of Appeals said that any privacy violations could not properly be blamed on the government. The federal rule did not "compel" or "command" any privacy violations, said the Philadelphia-based appeals court.

The rule does not displace existing privacy protections, the government argued.

The case is Citizens for Health v. Michael O. Leavitt, 05-1311.

IBM, health group sign deal to mine patient data to improve care.

Wed, 11 Oct 2006 01:36:20 GMT

IBM, health group sign deal to mine patient data to improve care. Geisinger Health System and IBM will use data warehousing technology to develop a system for integrating and mining patient data to create customized treatment plans and ensure quality care. [Computerworld Data Mining News]

Ten computers stolen from Nashville-based hospital firm.

Mon, 21 Aug 2006 18:14:23 GMT

Ten computers stolen from Nashville-based hospital firm. Nashville-based HCA Inc. said 10 computers containing information on an unknown number of patients have been stolen from one of its regional offices. Law enforcement officials, including the FBI, are investigating. [Computerworld Privacy News]

Bill Seeks National Medical Records System - Los Angeles Times

Mon, 21 Aug 2006 17:59:35 GMT

Congress wants all patients' data to be computerized. But critics say the legislation needs more privacy safeguards, pointing to recent breaches.

[...]

Privacy advocates say the legislation needs stronger protections, such as provisions that would allow patients to control who sees their records or even to opt out of the electronic system. Agencies should be required to notify patients of a security breach, and patients should have the right to sue over unauthorized disclosures, privacy advocates say.

"The main thing we are concerned about is that if this information leaks out to employers, it can destroy people's reputations and livelihoods," said Dr. Deborah Peel, a leading critic and a psychiatrist who heads the Patient Privacy Rights Foundation in Austin, Texas.

Under the legislation, patients would not "have the basic right to control who can see and use the most sensitive information on Earth about you," Peel added.

Supporters of the legislation -- known as the Health IT bill -- say existing federal medical-privacy laws offer sufficient safeguards. Such laws "already provide absolute protection of our health information," said Rep. Nancy L. Johnson (R-Conn.), a coauthor of the legislation.

The Senate unanimously approved a version of the Health IT bill last year. The House version sparked partisan battles over complex technical and legal issues, as well as privacy. But House Republicans won passage over Democratic opposition last month.

A House-Senate conference to try to iron out differences promises to be contentious. Sen. Edward M. Kennedy (D-Mass.) has branded the House legislation "a weak, partisan bill."

HEALTH CARE IT: Bill Spurs Concerns Over Privacy

Mon, 21 Aug 2006 17:53:30 GMT

The Los Angeles Times on Sunday examined how the health care information technology bill approved in the House last month has "provoked opposition from privacy advocates, consumer groups and civil libertarians" who argue that the bill would not adequately protect patients' privacy (Alonso-Zaldivar, Los Angeles Times, 8/13). The House on July 27 voted 270-148 to approve an amended version of a Senate bill (S 1418) passed last November that would promote the use of health care IT. The House bill, which features the language of a separate bill (HR 4157) sponsored by Reps. Nancy Johnson (R-Conn.) and Nathan Deal (R-Ga.), would codify the Office of the National Coordinator for Health Information Technology within HHS and would establish a committee to make recommendations on national standards for medical data storage and develop a permanent structure to govern national interoperability standards. The bill also would clarify that current medical privacy laws apply to data stored or transmitted electronically and would require the HHS secretary to recommend to Congress a privacy standard to reconcile differences in federal and state laws. The legislation differs significantly from the Senate bill, which does not include provisions that would expand the number of billing codes or exempt hospitals from anti-kickback laws so that they could provide health care IT hardware and software to individual physicians (American Health Line, 7/28). Supporters of the bill say it would curb the growth of health care costs and improve patient care, but opponents -- including labor unions and consumer groups -- say the bill does not ensure adequate safeguards to protect patients' most sensitive personal information. Opponents "point to recent security breaches," including the theft of a laptop computer from the Department of Veterans Affairs that contained personal information on millions of veterans, the Times reports. The computer has been recovered, and FBI analysts have said that no data was compromised.

Bill Seeks National Medical Records System - Los Angeles Times

Mon, 14 Aug 2006 14:37:14 GMT

Congress is trying to bring the benefits of computerized medical records systems like the VA's to the whole country. By reducing reliance on paper records, lawmakers hope to save billions of dollars. And by tying computerized records systems together in networks, they hope to reduce medical errors by making information instantly available wherever it is needed.

But legislation to encourage a move to computerized records, now moving through the final stages of congressional approval, has provoked opposition from privacy advocates, consumer groups and civil libertarians who point to recent security breaches -- including the much-publicized theft of a VA laptop containing personal information on millions of veterans.

These groups warn that the legislation wouldn't provide enough safeguards.

On one side of the debate is the issue of ensuring adequate protection for a person's most personal information. On the other side is the imperative from government, employers and insurers to curb the seemingly unsustainable growth of healthcare spending, as well as to improve medical treatment.

"We are not going to be able to get healthcare costs under control and improve quality without dramatic implementation of health [technology] over the next 10 years," said Robert Laszewski, a health policy consultant. "It's one of those things where choices are going to have to be made.

"That doesn't mean give the healthcare industry a blank check -- we've got to have standards -- but I'm afraid we're going to have to take some risks," he said.

Privacy advocates say the legislation needs stronger protections, such as provisions that would allow patients to control who sees their records or even to opt out of the electronic system. Agencies should be required to notify patients of a security breach, and patients should have the right to sue over unauthorized disclosures, privacy advocates say.

"The main thing we are concerned about is that if this information leaks out to employers, it can destroy people's reputations and livelihoods," said Dr. Deborah Peel, a leading critic and a psychiatrist who heads the Patient Privacy Rights Foundation in Austin, Texas.

Under the legislation, patients would not "have the basic right to control who can see and use the most sensitive information on Earth about you," Peel added.

Supporters of the legislation -- known as the Health IT bill -- say existing federal medical-privacy laws offer sufficient safeguards. Such laws "already provide absolute protection of our health information," said Rep. Nancy L. Johnson (R-Conn.), a coauthor of the legislation.

The Senate unanimously approved a version of the Health IT bill last year. The House version sparked partisan battles over complex technical and legal issues, as well as privacy. But House Republicans won passage over Democratic opposition last month.

Privacy advocates concerned about CIA investment in e-health firm

Sun, 13 Aug 2006 20:06:40 GMT

Privacy advocates in the United States and Canada have serious concerns about the privacy of electronic health records accessed through master patient index software developed by Initiate Systems, which recently received funding from In-Q-Tel, the venture capital arm of the Central Intelligence Agency.

Canadian privacy advocates have called for a federal and provincial investigation into the relationship among the CIA, In-Q-Tel and Initiate.

The Veterans Health Administration uses Initiate's Identity Hub to eliminate duplicate records and improve matching of records in its master person index (MPI), which has 12 million entries. The software is also used to help match patient records in a three-state regional health information organization that the Markle Foundation's Connecting for Health supports.

The company's software is widely used in Canada, particularly in the provinces of Alberta, Newfoundland and Labrador, and Ontario. Canada Health Infoway, a federally funded nonprofit corporation that leads e-health efforts in the country, signed an agreement to use Initiate MPI software throughout Canada in May 2004, almost two years before In-Q-Tel made its investment in Initiate this March.

E-Health Gaffe Exposes Hospital.

Sat, 29 Jul 2006 15:52:43 GMT

Wired News: E-Health Gaffe Exposes Hospital

Wed, 26 Jul 2006 16:17:38 GMT

Georgetown University Hospital suspended a trial program with an electronic prescription-writing firm last week after a computer consultant stumbled upon an online cache of data belonging to thousands of patients, Wired News has learned.

The leaked information included patients' names, addresses, Social Security numbers and dates of birth, but not medical data or the drugs the patients were prescribed, says Marianne Worley, a spokeswoman for the Washington, D.C.-based hospital known for providing emergency care to the nation's most powerful political figures.

The hospital had securely transmitted the patient data to e-prescription provider InstantDx. But an Indiana-based consultant accidentally discovered the data on InstantDx's computers while working to install medical software for a client.

HHS unveils first e-health records certifications.

Wed, 19 Jul 2006 17:02:12 GMT

HHS unveils first e-health records certifications. The Department of Health and Human Services said today that 20 e-health record products have been certified as meeting national standards for functionality, interoperability and security. [Computerworld Privacy News]

Network Security: Protecting the Patient's Electronic Medical Data in the Health Care Organization.

Wed, 19 Jul 2006 16:46:32 GMT

Network Security: Protecting the Patient's Electronic Medical Data in the Health Care Organization. This research paper, submitted by Karen Watson, discusses the importance of protecting the patient and the patient[base ']s data in the evolving electronic medical record environment in the health care organization. By Karen Watson. [Infosec Writers Latest Security Papers]

HHS Announces New HIPAA Privacy Decision Tool for Emergency Preparedness Planning.

Sat, 08 Jul 2006 15:32:50 GMT

HHS Announces New HIPAA Privacy Decision Tool for Emergency Preparedness Planning. "This new tool strengthens America's ability to better prepare for emergencies such as manmade and natural disasters" [GT: Security and Privacy]

NHS database? No one asked me!

Wed, 05 Jul 2006 15:23:39 GMT

NHS database? No one asked me!

Reader doesn't want no steenking database

Letters Last week's story on the latest fiasco to hit the troubled NHS National Programme for IT (NPfIT) prompted this letter from a concerned reader:

[The Register]

The Fourth of July, 2006 is Privacy Digest's 7th Anniversary

Mon, 03 Jul 2006 16:14:11 GMT

Tomorrow, The Fourth of July 2006, Privacy Digest will have been publishing as this domain for seven years. We were actually around a bit longer as part of another blog. But on July 4, 1999, I decided that the issue was important enough to warrant it's own dedicated domain.

If you would like to help out my Amazon wishlist has a few things I need. More ideas on ways to support us can be found here.

Halamka says patients must be allowed to weigh the benefits and risks of digitizing their medical records

Mon, 03 Jul 2006 13:14:16 GMT

Technology Is Good; Privacy Is Personal. Opinion: John D. Halamka says patients must be allowed to weigh the benefits and risks of digitizing their medical records. [Computerworld Privacy News]

Miss. gets federal contract to secure residents' electronic health records - The Clarion-Ledger

Sun, 25 Jun 2006 12:39:05 GMT

Barbour said the Health Information Security and Privacy Collaboration project is designed to facilitate the widespread use of electronic health records within the next 10 years. It will address privacy and security issues in business policy, regulations and state laws posing challenges to the secure sharing of electronic health information to authorized entities throughout the nation. The contract is funded by Research Triangle Institute under contract with the Department of Health and Human Services in cooperation with the National Governors' Association.

Information & Quality Healthcare will serve as the state's lead on the project. The Mississippi-based independent quality improvement organization has a 35-year history in the state and a membership of nearly 1,800 physicians.

Federal Contract Granted to Address Privacy and Security of Electronic Health Records.

Sun, 25 Jun 2006 12:36:15 GMT

Federal Contract Granted to Address Privacy and Security of Electronic Health Records. Posted by Peerapong Tantamjarik An article today in the Jackson (MS) Clarion-Ledger reported that the state of Mississippi would receive a federal contract to implement the Health Information Security and Privacy Collaboration (HISPC). [Privacy and Security Law Blog]

Medical Privacy Law Nets No Fines

Thu, 08 Jun 2006 14:09:14 GMT

In the three years since Americans gained federal protection for their private medical information, the Bush administration has received thousands of complaints alleging violations but has not imposed a single civil fine and has prosecuted just two criminal cases.

Of the 19,420 grievances lodged so far, the most common allegations have been that personal medical details were wrongly revealed, information was poorly protected, more details were disclosed than necessary, proper authorization was not obtained or patients were frustrated getting their own records.

The government has "closed" more than 73 percent of the cases -- more than 14,000 -- either ruling that there was no violation, or allowing health plans, hospitals, doctors' offices or other entities simply to promise to fix whatever they had done wrong, escaping any penalty.

"Our first approach to dealing with any complaint is to work for voluntary compliance. So far it's worked out pretty well," said Winston Wilkinson, who heads the Department of Health and Human Services' Office of Civil Rights, which is in charge of enforcing the law.

Vast DNA Bank Pits Policing Vs. Privacy

Tue, 06 Jun 2006 14:16:19 GMT

Brimming with the genetic patterns of more than 3 million Americans, the nation's databank of DNA "fingerprints" is growing by more than 80,000 people every month, giving police an unprecedented crime-fighting tool but prompting warnings that the expansion threatens constitutional privacy protections.

With little public debate, state and federal rules for cataloging DNA have broadened in recent years to include not only violent felons, as was originally the case, but also perpetrators of minor crimes and even people who have been arrested but not convicted.

Now some in law enforcement are calling for a national registry of every American's DNA profile, against which police could instantly compare crime-scene specimens. Advocates say the system would dissuade many would-be criminals and help capture the rest.

FCW.com - Privacy compliance has declined

Fri, 26 May 2006 16:23:24 GMT

Three years after federal rules governing the privacy of patients' medical records went into effect, compliance seems to have declined, according to an annual survey conducted by the American Health Information Management Association (AHIMA).

The association surveyed 1,117 hospitals and health systems, asking officials at the facilities about compliance with Health Insurance Portability and Accountability Act (HIPAA) rules. Although 91 percent said in 2005 that they were mostly compliant, that number dropped to 85 percent this year.

"A slight drop in the number of facilities reporting themselves to be fully or mostly compliant with HIPAA should serve as a warning to the industry that compliance should not be taken for granted," AHIMA President Jill Callahan Dennis said in a written statement.

Survey respondents cited lack of resources and diminished management support as the chief reasons for faltering compliance. The survey also asked about compliance with HIPAA information security rules, which took effect in 2005. About 75 percent of the respondents said they were fully or mostly compliant, a 60 percent increase from a year earlier.

AHIMA officials said this result suggests that compliance with the security rules is easier than with the privacy rules.

When respondents were asked what areas of the HIPAA privacy rule the federal government should change, more than a quarter of them said they should not have to account for all disclosures of protected health information. (Ed. Emphasis added)

The rule gives patients a right to know who has seen their records other than the people involved in their treatment, payment or health care operations. More than half of the respondents cited some difficulties in complying with this provision.

Red Cross warns blood donors of possible ID thefts in Midwest.

Fri, 26 May 2006 16:08:59 GMT

Red Cross warns blood donors of possible ID thefts in Midwest. The Missouri-Illinois Blood Services Region, an American Red Cross agency, is warning 1 million blood donors that personal information about them was allegedly stolen by a former employee in March. [Computerworld Privacy News]

Kansas Announces Medical Records Project.

Fri, 26 May 2006 16:03:17 GMT

Kansas Announces Medical Records Project. "Interoperable health information exchange has the potential to dramatically improve health care quality and safety and help stem rising health care costs while at the same time ensuring patient privacy." [GT: Security and Privacy]

Maine to Take Part in National Project Aimed at Protecting Privacy of Patient Information.

Fri, 26 May 2006 16:01:51 GMT

Maine to Take Part in National Project Aimed at Protecting Privacy of Patient Information. This project focuses on allowing data from existing systems within practices, hospitals, pharmacies and others to interconnect and transmit data across sites" [GT: Security and Privacy]

Vast Data Cache About Veterans Is Stolen - New York Times

Tue, 23 May 2006 19:16:57 GMT

Personal electronic information on up to 26.5 million military veterans, including their Social Security numbers and birth dates, was stolen from the residence of a Department of Veterans Affairs employee who had taken the data home without authorization, the agency said Monday.

The department said that there was no evidence any of the information had been used illegally and that whoever stole it, in a burglary of the employee's home this month, might be unaware of its nature or how to use it. The stolen data do not include any health records or financial information, the agency said.

But it was immediately clear from the sheer numbers involved, as well as the tone of the announcement and the steps taken in the aftermath of the theft, that the breach was deeply embarrassing to the agency.

"As a result of this incident, information identifiable with you was potentially exposed to others," Jim Nicholson, the secretary of veterans affairs, wrote in a letter being sent to the veterans who might be affected.

As measured by the number of people potentially affected, the data loss is exceeded only by a breach last June at CardSystems Solutions, a payment processor, in which the accounts of 40 million credit card holders were compromised in a hacking incident.

But in that breach, any exposure could be addressed by simply canceling those accounts. In the latest incident, three crucial keys to unlocking a person's financial life âo[per thou] name, Social Security number and date of birth âo[per thou] may have been set loose. Those cannot be canceled, and a clever thief can use them to begin trying to open new accounts, secure loans, buy property and otherwise wreak havoc on the victim's credit history.

Privacy and Security Law Blog: Medical Records: Who Owns the Information?

Wed, 10 May 2006 11:59:36 GMT

In today's New York Times Dr. Klitzman, a psychiatrist at Columbia University, writes a short essay describing how a mother reviewed her paper medical chart at a clinic and, without informing any clinic staff, removed certain pages from her records. Those pages contained information revealing that she was at risk for Huntington's Disease, a fatal genetic disorder for which famous folk singer, Woody Guthrie, died of. As the mother put it, "I stole it for my kids' sake" - which is not all too hard to fathom. She was frightened that because Huntington's is hereditary, her kids would be denied health coverage if insurance companies found out about it. Dr. Klitzman was disturbed by her actions; after all, to whom does the chart belong? The health information is the mother's, but the paper chart belongs to the clinic. But the scenario presents a larger concern regarding privacy of health information, and how patients' confidence in the appropriate security and usage of such information could guide their actions in response, including the secret taking of chart pages. As a legal matter, states vary greatly in the protections against genetic discrimination and privacy. Some provide overarching prohibitions against genetic discrimination and disclosure, while others protect for only specified genetic conditions. [...]

The Quest for Privacy Can Make Us Thieves - New York Times

Wed, 10 May 2006 11:56:54 GMT

"I stole it for my kids' sake," she told me, "so they will be able to get insurance." The woman had secretly removed pages from her medical record, tucked them into her pocket and left the clinic. Those pages contained information showing that she was at risk for Huntington's disease.

If a parent has Huntington's, a fatal genetic disorder, each child has a 50 percent chance of getting it, too. The symptoms include involuntary and uncontrolled movements and psychiatric and memory problems, usually starting when patients are in their 40's or 50's. The folk singer Woody Guthrie died of it.

This woman, treated in New England, had seen her mother die of the disorder and feared for herself and her children. She was concerned that the information, once in the medical record, would be seen by insurance companies and that her children might then be denied insurance in the future.

Intrusion Prevention Systems in the Healthcare Environment.

Fri, 05 May 2006 03:51:47 GMT

Intrusion Prevention Systems in the Healthcare Environment. Lakisha Thomas submits this paper reviewing HIPPA requirements and how IDS/IPS helps meet those requirements. By Lakisha Thomas. [Infosec Writers Latest Security Papers]

Potential Security Vulnerabilities of a Wireless Network in a Military Healthcare Facility.

Thu, 27 Apr 2006 14:44:17 GMT

Potential Security Vulnerabilities of a Wireless Network in a Military Healthcare Facility. This paper, submitted by Jason Meyer, will look into the regulations governing data security on a military network as well as a military healthcare network. By Jason Meyer. [Infosec Writers Latest Security Papers]

Sexual Freedom Protected; Iran Cracks Down

Mon, 24 Apr 2006 16:04:38 GMT

A federal judge in Kansas ruled that the state's attorney general incorrectly enforced a 1982 state child abuse law to require health-care providers to report most sexual activity of minors under age 16--including consensual sex--as child abuse. Under the attorney general's opinion, which argued that all sexual activity among minors was "inherently injurious," physicians who failed to report their sexual activity could have faced misdemeanor charges carrying up to six months in jail and a fine of $1,000, the Kansas City Star reported April 19.

The Center for Reproductive Rights, an advocacy group based in New York that brought the lawsuit, hailed the ruling as an important victory for privacy rights and as the first ruling to protect the health care privacy rights of young people. Privacy is the legal basis for abortion rights in the United States.

The Kansas attorney general's policy "is part of a larger trend by the anti-choice movement to limit adolescents' privacy in and access to reproductive health care," the center said in a press release.