The American Hospital Association will host two teleconference calls to explain the proposed changes to federal rules regarding their obligation to protect the patient medical records privacy. Among the proposed changes are new rules third parties who may gain access to or collect patient information must protect patient privacy. Many non-health care providing entities that collect medical information claim to be "HIPAA compliant," which means they elect to adopt policy that reflect federal regulations that HIPAA covered entities must follow.
AHA to Explain Proposed Privacy Rule
The First Circuit Court of Appeals has upheld a Maine law that bans the sale of prescriber-identifiable prescription drug data for marketing purposes. Data mining companies had challenged the law, claiming that the privacy measure violated their free speech rights, an argument that the court rejected because "the statute regulates conduct, not speech, and even if it regulates commercial speech, that regulation satisfies constitutional standards." The decision in IMS Health v. Mills followed a decision by a panel of the same court in IMS Health v. Ayotte, upholding a similar law in New Hampshire. In that case, as well as in a similar case regarding a Vermont law, EPIC and several privacy and technology experts filed "friend of the court" briefs arguing that there is a substantial state interest in privacy protection and that the data miners' de-identification practices do not, in fact, protect patient privacy. A decision in the Vermont case is expected soon. For more information, see IMS Health v. Ayotte, IMS Health v. Sorrell.
In an open government lawsuit against the United States Marshals Service, EPIC has obtained more than one hundred images of undressed individuals entering federal courthouses. The images, which are routinely captured by the federal agency, prove that body scanning devices store and record images of individuals stripped naked. The 100 images are a small sample of more than 35,000 at issue in the EPIC lawsuit. EPIC has pursued a but the DHS refuses to release the images it has obtained. EPIC has also filed suit to stop the deployment of the machines in US airports. For more information, see EPIC Body Scanners, EPIC - EPIC v. DOJ (Marshall Service FOIA), and EPIC Press Release.
Wal-Mart has announced that it will begin inserting Radio Frequency Identification (RFID) chips into some of its men's clothing, including jeans, underwear, and socks, starting August 1. The retailer has stated that its goal is to expand the use of the tags to its other merchandise as well. Previously RFID tags have only been used in larger packages for warehouse and distribution use, but this will be the first time the tags are used in the stores for individual products that will be taken home by consumers. The tags will remain readable from a short range even after they are removed from the store. For more information, see EPIC RFID Systems.
In prepared testimony (PDF) for a Congressional hearing on "Online Privacy, Social Networking and Crime Vicitimization," EPIC Executive Director Marc Rotenberg urged lawmakers to update federal law to protect the privacy of Facebook users. Mr. Rotenberg said that Facebook's constant changes to the privacy settings of users have made it virtually impossible for users to control who gets access to their personal information. He also said that the failure of the Federal Trade Commission to investigate Facebook's business practices means that Congress must now amend the federal privacy law to limit the ability of Social Network companies to disclose user information to third parties without informed and explicit consent. Also testifying at the hearing are witnesses from the FBI, the Secret Service, Symantec, and Facebook. For more information, see EPIC Social Networking Privacy, EPIC Facebook, and EPIC In re Google Buzz.
Privacy Advocate Betty Ostergren has won in federal appeals court in her challenge to a state law designed to prosecute her for drawing attention to the state's online publication of SSNs. In Ostergren v. Cuccinelli, the court ruled that the Commonwealth of Virginia may not prosecute Ostergren for publishing the SSNs of state officials available in public land records until the Commonwealth itself stops making these unredacted documents available. EPIC filed a "friend of the court" brief in support of Ostergen, urging the court to hold that the First Amendment protects Ostergren's speech. For more information, see EPIC Ostergren v. McDonnell, EPIC Social Security Numbers, and EPIC Identity Theft.
New York Governor David Paterson signed a bill into law last week requiring the NYPD to expunge the names and addresses in a database of people who had been stopped and questioned by police but never charged with any crimes. In signing the bill, Governor Paterson said that "simple justice as well as common sense suggest that those questioned by police and not even accused of a crime should not be subjected to perpetual suspicion." For more information, see EPIC New York Stop-and-Frisk Database.
In a recent study by Foresee Results and the University of Michigan, Facebook has scored extremely low in the area of customer satisfaction. The 2010 American Customer Satisfaction Index E-Business Report included social networking companies for the first time, and Facebook scored a 64, putting it "in the bottom 5% of all measured private sector companies and in the same range as airlines and cable companies." The polling company attributed Facebook's low scores to "privacy concerns, frequent changes to the website, and commercialization and advertising." For more information, see EPIC Facebook Privacy and EPIC Public Opinion on Privacy.
Connecticut Attorney General Richard Blumenthal announced in a press release that 38 states and the District of Columbia are seeking additional information about Google's collection of Wi-Fi data from private, residential computer networks. Blumenthal also sent a letter to Google, asking for information about Google's packet-sniffing software, the testing and review procedures, and the internal investigation of the code that "accidentally" recorded unencrypted Wi-Fi traffic in 30 countries over a three-year period. In May, EPIC wrote to the Federal Communications and recommended an investigation, noting that the collection of Wi-Fi data likely violates several federal privacy laws. Google has since suspended its Wi-Fi data collection activities. For more information, see EPIC: Street View Investigations.
