Last year, I was co-counsel on an amicus curiae brief (pdf) in IMS Health v. Ayotte, a case about a New Hampshire state law that banned the sale of prescriber-identifiable prescription drug data for marketing purposes. This week, the US Court of Appeals for the First Circuit upheld (pdf) the New Hampshire law. This decision overturns the ruling (pdf) of the lower court, which held that the New Hampshire law violated the free speech rights of data mining companies. 

The First Circuit rejected the free speech argument and based their decision on two points. First:

Second:

Even if the Prescription Information Law amounts to a regulation of protected speech — a proposition with which we disagree — it passes constitutional muster. In combating this novel threat to the cost-effective delivery of health care, New Hampshire has acted with as much forethought and precision as Constitution demands. (more…)

A number of organizations have created documents to offer the Obama-Biden transition team guidance on priorities in the new administration. The issues are broad, including detainee rights, reproductive health, education, open government, security, and privacy, among others. This is Part Two of an unknown number of posts on such transition plans. I will post documents of interest as I find them. This post includes plans from CDT, Human Rights Watch, and the Cato Institute. Here is Part One.

The Center for Democracy and Technology focuses on, “The Internet in Transition: A Platform to Keep the Internet Open, Innovative and Free” in its document (pdf).

Restoring the Balance between Security and Liberty
[...] In order to restore the balance between security and liberty, the next President and Congress should take specific steps, including the following:

• [...] The next President and Congress should work together to enact legislation to update communications privacy laws to account for dramatic advances in technology.
• The next President and Congress should adopt a balanced framework for information sharing and analysis for counterterrorism purposes.
• The next President and Congress should revisit the REAL ID Act and ensure that all governmental identification programs are necessary and effective and subject to adequate privacy and security protections.
• The next President and Congress should work together to update the Privacy Act; the next President should assiduously enforce the Act’s protections.

Preserving Free Speech and Protecting Children Online
[...] In order to preserve free speech and protect children online, the next President and Congress should take specific steps, including the following: (more…)

A number of organizations have created documents to offer the Obama-Biden transition team guidance on priorities in the new administration. The issues are broad, including detainee rights, reproductive health, education, security, and privacy, among others. This is Part One of an unknown number of posts on such transition plans. I will post documents of interest as I find them. This post includes plans from the ACLU, EFF, and American Constitution Society.

I have been working on this at the ACLU, which has published a transition plan, “Actions for Restoring America.” The privacy issues include:

1. Warrantless spying.
Issue an executive order recognizing the president’s obligation to comply with FISA and other statutes, requiring the executive branch to do so, and prohibiting the NSA from collecting the communications, domestic or international, of U.S. citizens and residents. Issue an executive order prohibiting new FISA powers from being used to conduct suspicionless bulk collection. Re-examine the recent amendments to Executive Order 12333 to limit and regulate all intelligence community activities and to fully protect the privacy and civil liberties of U.S. citizens and residents. Repeal and make public any secret executive orders that limit or qualify that order. Order the attorney general to launch an investigation to determine if any laws were broken or to appoint a special counsel to do the same.

2. Watch lists.
Issue an executive order requiring watch lists to be completely reviewed within 3 months, with names limited to only those for whom there is credible evidence of terrorist ties or activities. Repeal Executive Order 13224, which creates mechanisms for designating individuals and groups as terrorist suspects and preventing US persons and companies from doing business with them - a power of such breadth that, the record shows, it inevitably leads to the designation of many innocent people and does more harm than good.

3. Freedom of Information - Ashcroft Doctrine.
Direct the attorney general to rescind the “Ashcroft Doctrine” regarding Freedom of Information Act compliance, which instructs agencies to withhold information whenever there is a “sound legal basis” for doing so, and return to the compliance standard under Attorney General Janet Reno, which promoted an “overall presumption of disclosure” of government information through the FOIA unless it was “reasonably foreseeable that disclosure would be harmful.” (more…)

The transition site has been created for the incoming administration of President-Elect Barack Obama and Vice President-Elect Joe Biden. It contains a variety of information on plans for the future, including some that affect individual privacy. Here are a few items of interest under the Protecting America section.

 Defeat Terrorism Worldwide

• [...] New Capabilities to Aggressively Defeat Terrorists: Barack Obama and Joe Biden will improve the American intelligence apparatus by investing in its capacity to collect and analyze information, share information with other agencies and carry out operations to disrupt terrorist operations and networks. [...]

Strengthen American Biosecurity

• [...] Prevent Bioterror Attacks: Obama and Joe Biden will strengthen U.S. intelligence collection overseas to identify and interdict would-be bioterrorists before they strike.
• Build Capacity to Mitigate the Consequences of Bioterror Attacks: A well-planned, well-rehearsed, and rapidly executed epidemic response can dramatically diminish the consequences of biological attacks. Barack Obama will ensure that decision-makers have the information and communication tools they need to manage disease outbreaks by linking health care providers, hospitals, and public health agencies.

Protect Our Information Networks
As president, Barack Obama will lead an effort, working with private industry, the research community and our citizens, to build a trustworthy and accountable cyber infrastructure that is resilient, protects America’s competitive advantage, and advances our national and homeland security. [...]

• Mandate Standards for Securing Personal Data and Require Companies to Disclose Personal Information Data Breaches: Nearly 10 million Americans are victims of identity theft each year, costing more than $55 billion. We must ensure that the privacy of personnel data in computer systems is better protected. The federal government must partner with industry and our citizens to secure personal data stored on government and private systems. An Obama administration will institute a common standard for securing such data across industries and will back strong legislation to protect the rights of individuals in the information age. [...] (more…)

A one-day Town Hall meeting to enable health care experts to share knowledge and experience of medical identity theft and how health IT can be utilized to prevent and detect medical identity theft.

Medical Identity Theft Town Hall
Sponsored by the U.S. Department of Health and Human Services,
Office of the National Coordinator for Health Information Technology

RSVP: MedIDTheftTownHall@hhs.gov and indicate that you are planning to attend in person or by webcast.

The Town Hall’s focus will consider how medical identity theft should be addressed in a health information technology (health IT) environment. Health care stakeholders from the public and private sectors will share their knowledge and experience and gain insights into trends and future developments.

As part of ONC’s mission to assure that electronic health information exchange is secure, this Town hall is designed to increase understanding of the medical identity theft landscape. Public discussion during the Town Hall will feed into and support potential recommendations for the prevention, detection, and remediation of this form of identity theft, leveraging health IT and best practices, and to foster ongoing collaboration and communication.

Date: October 15th, 2008
Location: Federal Trade Commission, Conference Center; 601 New Jersey Avenue, NW; Washington, DC
For more information: http://www.hhs.gov/healthit/privacy/identytheft.html#II

The New York Times has an interesting story on the privacy issues that hospitals are facing as they try to identify patients with special risks.

New York’s 11 public hospitals are at the forefront of a national movement to standardize color coding of hospital wristbands to designate patient conditions, in which purple — the color of amethyst — means “Do Not Resuscitate.” Red, or ruby, indicates allergies, while yellow — call it amber — marks someone at risk for falling.

The goal is to prevent potentially dangerous mistakes, like giving the wrong food to an allergic child, or allowing a patient with balance problems to walk unescorted down a freshly waxed hallway. The drive was spurred, in part, by a notorious 2005 Pennsylvania case in which a patient nearly died because a nurse used a yellow band thinking it meant “restricted extremity” (don’t draw blood from that arm), as it did at another hospital where the nurse sometimes worked, when at this hospital it meant D.N.R. (more…)