The Wall Street Journal reports on controversy surrounding proposed legislation in Kentucky that could affect individuals’ medical privacy rights:

Politicians, law-enforcement officials and physicians in Kentucky are locking horns over a proposed bill to crack down on the abuse of prescription drugs, in a debate that pits patient privacy against efforts to curb the nation’s expanding epidemic of addiction to painkillers.

More than seven million Americans use prescription drugs such as oxycodone for nonmedical reasons, dwarfing the 1.5 million addicted to cocaine, and Kentucky is an epicenter of abuse, according to the Drug Enforcement Administration. [...]

The Republican-controlled Senate is considering a vote as early as Friday on a bill that would restrict ownership of pain clinics to licensed physicians and give law enforcement easier access to the state’s prescription-drug database, which tracks writers and recipients of prescriptions, as well as where the drugs are dispensed. Such a law would help law-enforcement officials better identify addicts, dealers and shady doctors helping patients amass piles of painkillers, supporters of the bill say. [...] Read more »

The New York Times reports on new technologies that could affect individuals’ privacy and civil liberties:

The thorny privacy issues of tomorrow were on display Thursday morning, when AT&T showed off a batch of technologies under development at AT&T Labs, the company’s research arm.

Researchers showed off door handles that unlock when you tap your phone against them, or even when the device is still in your pocket, sending vibrations through your body and into your fingertips. There was a steering wheel that communicates with a GPS device and vibrates to tell you which way to turn, and an app that works with sensors in your personal possessions to tell you when you have left something behind.

A number of the tools focused on taking advantage of data about a user’s location, pointing toward tensions that will very likely increase as products are developed that use mobile devices as sensors and transmitters. These issues are not necessarily about what AT&T or other companies will do with their users’ personal data — although it is clear that there will be no shortage of concerns about that, either — but potential conflicts created by tools intended for people to keep track of one another. [...] Read more »

In an opinion column at the Washington Post, the Brookings Institution’s Benjamin Wittes and John Villasenor discuss privacy and other problems with the use of aerial drones (also known as unmanned aerial vehicles, “UAVs”) to conduct surveillance in the United States. Earlier this year, the FAA reauthorization bill was passed, which includes a provision to integrate the use of aerial surveillance by drones in the United States by Sept. 30, 2015. Wittes and Villasenor write:

In February, President Obama signed into law a reauthorization of the Federal Aviation Administration (FAA) that requires the agency — on a fairly rapid schedule — to write rules opening U.S. airspace to unmanned aerial vehicles. This puts the FAA at the center of a potentially dramatic set of policy changes that stand to usher in a long list of direct and indirect benefits. But the FAA is not a privacy agency. And although real privacy concerns have arisen about these aircraft, asking the agency to take on the role of privacy czar for unmanned aerial vehicles (UAVs) would be a mistake.

UAVs, commonly known as drones, offer real promise for an array of domestic applications. In an era of ever-tighter budgets, they could dramatically reduce the cost to law enforcement agencies and private companies involved in gathering vital — in some cases, lifesaving — information. [...]

Significant concerns have also arisen about the possibility that law enforcement agencies, companies and private individuals might exploit UAVs to acquire invasive imagery. The current legal framework with respect to observations from above by government is not particularly protective of privacy. Read more »

Agence France-Presse reports that the European Parliament has approved a passenger-name record (PNR) data-sharing agreement with the United States:

STRASBOURG — A controversial deal enabling transfer of EU air passenger data to US authorities as part of the global fight against terrorism was finally approved Thursday in the European Parliament.

After two years of wrangling due to privacy concerns, a majority of MEPs gave the deal their green light, with 409 voting in favour, 226 against and 33 abstentions.

The agreement, intended to replace a provisional accord from 2007, sets the legal conditions to transfer air passengers’ personal data to the US Department of Homeland Security. [...]

PNR information is provided by travellers and collected by air carriers during reservation and check-in procedures. Read more »

The Health and Human Services department announced a settlement (agency pdf; archive pdf) concerning medical privacy with Phoenix Cardiac Surgery, an Arizona company. The agency investigated the company for violations of HIPAA (the Health Insurance Portability and Accountability Act):

Phoenix Cardiac Surgery, P.C., of Phoenix and Prescott, Arizona, has agreed to pay the U.S. Department of Health and Human Services (HHS) a $100,000 settlement and take corrective action to implement policies and procedures to safeguard the protected health information of its patients.

The settlement with the physician practice follows an extensive investigation by the HHS Office for Civil Rights (OCR) for potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy and Security Rules.

The incident giving rise to OCR’s investigation was a report that the physician practice was posting clinical and surgical appointments for its patients on an Internet-based calendar that was publicly accessible.  On further investigation, OCR found that Phoenix Cardiac Surgery had implemented few policies and procedures to comply with the HIPAA Privacy and Security Rules, and had limited safeguards in place to protect patients’ electronic protected health information (ePHI).  [...] Read more »

In a letter (pdf) to members of the House of Representatives, 36 groups (including the American Civil Liberties Union, American Library Association, Center for National Security Studies, Electronic Frontier Foundation, Government Accountability Project, and the Republican Liberty Caucus) urged them to vote “No” to H.R. 3523, the “Cyber Intelligence Sharing and Protection Act of 2011 (CISPA).” The legislation is scheduled for consideration on the House floor next week. The groups wrote:

CISPA creates an exception to all privacy laws to permit companies to share our information with each other and with the government in the name of cybersecurity. Although a carefully-crafted information sharing program that strictly limits the information to be shared and includes robust privacy safeguards could be an effective approach to cybersecurity, CISPA lacks such protections for individual rights. CISPA’s ‘information sharing’ regime allows the transfer of vast amounts of data, including sensitive information like internet use history or the content of emails, to any agency in the government including military and intelligence agencies like the National Security Agency or the Department of Defense Cyber Command. Read more »