The New York Times has an interesting story on the privacy issues that hospitals are facing as they try to identify patients with special risks.

New York’s 11 public hospitals are at the forefront of a national movement to standardize color coding of hospital wristbands to designate patient conditions, in which purple — the color of amethyst — means “Do Not Resuscitate.” Red, or ruby, indicates allergies, while yellow — call it amber — marks someone at risk for falling.

The goal is to prevent potentially dangerous mistakes, like giving the wrong food to an allergic child, or allowing a patient with balance problems to walk unescorted down a freshly waxed hallway. The drive was spurred, in part, by a notorious 2005 Pennsylvania case in which a patient nearly died because a nurse used a yellow band thinking it meant “restricted extremity” (don’t draw blood from that arm), as it did at another hospital where the nurse sometimes worked, when at this hospital it meant D.N.R. (more…)

Various news sources are reporting that the UK Information Commissioner’s Office found the Liberal Democrats breached privacy and electronic communications regulations when they made automated phone calls to 250,000 constituents after a speech by the party leader. According to the ICO press release (pdf):

Last week the Liberal Democrats made a substantial number of automated calls featuring a recorded message from Nick Clegg to households across the country. After reviewing the phone script the ICO concluded that the calls were made for the purpose of promoting the Liberal Democrats and therefore constituted direct marketing.

In addition, the ICO has now received a number of complaints from those who received calls without giving their prior consent. The Privacy and Electronic Communication Regulations forbid the use of automated unsolicited direct marketing calls to any individual who has not previously given their consent to receive such calls. (more…)

Disclosure: I believe the REAL ID Act creates a fundamentally flawed national identification system and the Act should be repealed.

Congress has passed (and President Bush is expected to sign) H.R. 2638, a budget bill that funds federal agencies though March. The bill includes a provision granting $100 million for state implementation of the REAL ID system (on top of the $79 million in grants the Department of Homeland Security gave to states for implementation of the REAL ID Act in June.)

In May 2005, the REAL ID Act was appended to a bill providing tsunami relief and military appropriations and passed with little debate and no hearings, though members of Congress called for hearings. The REAL ID Act of 2005 mandates that state driver’s licenses and ID cards follow federal technical standards and verification procedures issued by the Department of Homeland Security, standards that even the federal government cannot meet.

The REAL ID system (pdf) also enables tracking, surveillance, and profiling of the American public through the interlinking of the motor vehicle databases of all 56 states and territories, the use of an unencrypted machine-readable zone on the state ID cards and driver’s licenses, and the ability for the system to be used for much more than the few purposes set out by the 2005 law.

H.R. 2638 grants “$50,000,000, to remain available until expended” for general implementation. It also grants $50 million “In addition, for developing an information sharing and verification capability with States to support implementation of the REAL ID Act.”

In June, DHS detailed the “verification hub” plan. “The hub will act as a central router to provide timely, accurate, and cost-effective verification to motor vehicle departments of an applicant’s source documents. States will be able to seamlessly verify the identity, lawful status and social security number of an applicant through this common interface,” DHS said.

(more…)

The Associated Press reports a disturbing breach of patient privacy in New Mexico.

Two employees of a U.S. hospital have been fired for using cellphone cameras to take photographs of patients who were receiving treatment and then posting the images to a social networking Web site.

Sam Giammo, the director of public affairs at University of New Mexico Hospital, said Sunday that the photographs - mainly close-ups of injuries being treated in the Albuquerque hospital’s emergency room over the past few months - had been posted on an employee’s private MySpace page.

I’ve blogged before about how information from social networking sites is being used against individuals. Such data has been used in criminal trials and against job applicants. Now, education services firm Kaplan reveals “a Kaplan survey of 320 admissions officers from the nation’s top colleges and universities revealed that one out of ten admissions officers has visited an applicant’s social networking Web site as part of the admissions decision-making process.” Kaplan also surveyed admissions officers at business, law and medical schools and found similar results.

Admissions officers at 9 percent of business schools, 15 percent of law schools and 14 percent of medical schools surveyed report having visited applicants’ social networking sites during the admissions decision-making process.

As you might expect, such site visits can lead to bad results for the school applicant.

The good news: a quarter of those who report viewing applicants’ sites say that these viewings have generally had a positive impact on their evaluation. The bad news: a greater percentage (38 percent) report that applicants’ social networking sites have generally had a negative impact on their admissions evaluation.

(more…)

News sources are reporting on case concerning text messaging spam. Timberland and GSI Commerce will establish a $7 million fund to settle “a class-action lawsuit that charged them with sending text messages to customers in violation of the U.S. Telephone Consumer Protection Act,” according to IDG News Service. “Timberland and GSI deny that they’ve done anything wrong and blamed a third-party company that they say was supposed to secure consent from the people who received the messages.” People who received the text message can go to TimberlandTextSettlement.com to apply for a $150 payment.