• Categories

  • Archives

    « Home

    Archive for November, 2009

    Note to Readers: Happy Thanksgiving!

    Wednesday, November 25th, 2009

    In the United States, this week includes the Thanksgiving holiday, so I’m taking some time off. Posts will resume on Monday, November 30. Have a nice holiday!

    CBC News: Depressed woman loses benefits over Facebook photos

    Tuesday, November 24th, 2009

    CBC News reports that Manulife, a major Canadian insurance company, has revoked an Ontario woman’s sick leave benefits after the company accessed photos from Nathalie Blanchard’s Facebook profile — a profile that she had set as private and only viewable by approved friends. (See my comments after the jump about another Canadian case concerning a private Facebook profile.)

    Blanchard had been on sick leave for the last year and a half while battling depression, but the checks recently ended. CBC News reports that when she called Manulife to ask why, the company said, “I’m available to work, because of Facebook.”

    She said her insurance agent described several pictures Blanchard posted on the popular social networking site, including ones showing her having a good time at a Chippendales bar show, at her birthday party and on a sun holiday — evidence that she is no longer depressed, Manulife said. […]

    Blanchard said that on her doctor’s advice, she tried to have fun, including nights out at her local bar with friends and short getaways to sun destinations, as a way to forget her problems. Read more »

    NCPA and Consumer, Privacy Advocates Urge Feds to Investigate CVS Caremark for Alleged HIPAA Violations

    Tuesday, November 24th, 2009

    The National Community Pharmacists Association announced that it has joined several consumer privacy groups (Consumer Action, U.S. Public Interest Research Group, Patient Privacy Rights, Private Citizen, and Privacy Journal) in asking the U.S. Department of Health and Human Services’ Office for Civil Rights and the Federal Trade Commission to investigate CVS Caremark for potential violations of the Health Insurance Portability and Accountability Act (HIPAA). NCPA represents the pharmacist owners, managers and employees of more than 22,000 independent community pharmacies in the United States. The press release explains:

    The Health Insurance Portability and Accountability Act (HIPAA) allows CVS Caremark access to information on patients covered by its pharmacy benefit manager division for administering claims and other limited purposes. Ninety-three company letters collected by NCPA document CVS Caremark tapping into personal medical histories for marketing purposes, such as to urge patients to switch an existing prescription from their independent community pharmacy to a CVS retail or Caremark mail order pharmacy. Even solicitations regarding prescriptions of a sensitive nature were mailed, increasing the risk that a neighbor or other unauthorized person might inadvertently learn of a medical condition. A redacted example letter can be found here.

    In the letter (pdf), the groups claim: “We have collected over 300 complaints covering a wide range of deceptive, fraudulent or otherwise egregious practices. One of the most common complaints we have received clearly indicates that CVS Caremark, in its role as a pharmacy benefits manager, has been accessing protected health information entrusted to them for pharmacy claims administration by health plans and competitor pharmacies in order to steer patients to CVS pharmacies for their own financial gain.” Read more »

    Op-ed at New York Times: GPS and Privacy Rights

    Tuesday, November 24th, 2009

    The New York Times has an editorial concerning GPS (a location-tracking technology) and how it affects individual privacy rights.

    The Supreme Court has not considered the question of whether the police need a court order to install a GPS device. The government has tried to draw an analogy to a 1983 case in which the court ruled that the police do not need a warrant to use a radio beeper to track a vehicle on public roads, but the circumstances were different. In that case, the police were conducting visual surveillance of a particular suspect’s movements, and a beeper augmented the officers’ senses. A modern GPS device is a far more potent means of tracking people than a beeper.

    Lower courts have reached different conclusions. A panel of the Chicago-based United States Court of Appeals for the Seventh Circuit ruled in 2007 that a warrant is not required for remote surveillance by a GPS device, although it said that if the police began to use the technique on a large scale it might violate the Fourth Amendment.

    The Times points to People v. Weaver (pdf), a state court case. New York’s highest court held that police needed a warrant to attach a GPS tracker to the suspect’s car and monitor him for more than two months. Chief Judge Jonathan Lippman said: Read more »

    Las Vegas Sun: Hospital privacy leak could harm patients

    Monday, November 23rd, 2009

    UPDATE on Johns Hopkins case added below.

    In the last few weeks, there have been numerous stories about insiders accused of abusing their access to government or corporate databases. A police chief in Iowa has been suspended while there’s an investigation into whether he misused his access to driver’s license and criminal history data. The Associated Press reported that a T-Mobile employee is accused of violating the privacy of millions of T-Mobile UK by selling their data to rival companies. In Australia, a former police officer “pleaded guilty to repeatedly using [a police] computer between 2006 and 2008 to get the details of women he had seen in public.” Also, it was revealed that President Obama’s nominee to head the Transportation Security Administration had been censured for misusing government database information for personal reasons.

    Now, the Las Vegas Sun reports, “Private information about accident victims treated at University Medical Center has apparently been leaking for months, the Sun has learned, allegedly so ambulance-chasing attorneys could mine for clients.”

    Sources say someone at UMC is selling a compilation of the hospital’s daily registration forms for accident patients. This is confidential information — including names, birth dates, Social Security numbers and injuries — that could also be used for identity theft.

    Hospital officials knew of rumors of the leaks since the summer, but doubted them until provided evidence Thursday by the Sun. Now they’re scrambling to catch up to a crisis that may affect hundreds, if not thousands, of patients. Read more »

    China Post: Wife catches lawsuit instead of cheater

    Monday, November 23rd, 2009

    The China Post reports on a woman accused of using surveillance equipment to track her husband. This is a story that has occurred in the United States, as well. I have written before about spyware and how targets of such tracking are starting to use counter-surveillance technologies.

    In January, a report from the Department Justice highlighted how stalkers use technology: “Electronic monitoring was used to stalk 1 in 13 victims. Video or digital cameras were equally likely as listening devices or bugs to be used to electronically monitor victims (46% and 42%). Global positioning system (GPS) technology comprised about a tenth of the electronic monitoring of stalking victims.”

    The China Post reports:

    A woman and her accomplices were arrested for violating the law for privacy protection by hiring private detectors to unlawfully install bugs on her spouse’s vehicle and scooter. After the spouse uncovered the hidden bugs, the wife and the two investigators were arrested after they confessed to the police. Read more »