The Washington Post has a story on the privacy of newborn children’s DNA, noting that sometimes the medical data is collected and retained without parents’ knowledge or consent. The data collection is done when children are born in hospitals. “Hospitals prick the heels of more than 4 million babies born each year in the United States to collect a few drops of blood under state programs requiring that all newborns be screened for dozens of genetic disorders.”

A group of parents [is] challenging Minnesota’s practice of storing babies’ blood samples and allowing researchers to study them without their permission. The confrontation, and a similar one in Texas, has focused attention on the practice at a time when there is increasing interest in using millions of these collected “blood spots” to study diseases.

Michigan, for example, is moving millions of samples from a state warehouse in Lansing to freezers in a new “neonatal biobank” in Detroit in the hopes of helping make the economically downtrodden city a center for biomedical research. The National Institutes of Health, meanwhile, is funding a $13.5 million, five-year project aimed at creating a “virtual repository” of blood samples from around the country. (more…)

A reporter for the Daily Mirror in the United Kingdom filed requests for data under the country’s freedom of information laws to 46 organizations and received a mountain of data. The organizations “included Government agencies, schools and universities, hospitals, dentists and GP surgeries and firms [the reporter] used.” He said, “Stacked over two feet high and weighing 12kg (nearly two stone), this pile of more than 3,000 sheets of paper contains every private detail of my life in my 35 years on the planet.”

He was amazed by the amount of personal information that was gathered and “stored on dozens of databases around the country which can be accessed by thousands of people”:

In it you’ll discover what I buy at the supermarket, what type of movies I like to watch and what music I’ve downloaded. (more…)

Two years ago, Congress argued about overhauling the nation’s immigration laws, but failed to pass comprehensive immigration law reform. Now, the Washington Post reports that Senate Democrats are again looking to change federal immigration laws. Instead of just creating an error-filled national database of Americans’ employment eligibility, this time legislators are seeking to require “that all U.S. workers verify their identity through fingerprints or an eye scan.” I would like to emphasize that they would gather biometric data from “all U.S. workers”; not just undocumented workers.

Speaking on the eve of a White House summit with congressional leaders on immigration, Sen. Charles E. Schumer (N.Y.) said a national system to verify work documents is necessary because Congress has failed to crack down on unscrupulous employers and illegal immigrants with fake documents.

“I’m sure the civil libertarians will object to some kind of biometric card — although . . . there’ll be all kinds of protections — but we’re going to have to do it. It’s the only way,” Schumer said. [...]

A senior White House official said Obama is open to all of Schumer’s proposals, including his ID plan, saying that “he wants to listen, he wants to talk. All of it is on the table.”

There are numerous privacy and civil liberty problems that are fundamental in the creation of a national database of fingerprints and eye scans for all U.S. workers, a database that places the burden on the individual to prove that he or she is allowed to work in this country. How quickly will this database go from being strictly to prove employment eligibility to being used by police departments to gather fingerprints while circumventing the warrant process and Fourth Amendment rights of search and seizure? Who else could have access to your fingerprint and iris scans? The United States already has discussed sharing fingerprint and other biometric data of suspects with European countries. It’s a small step to opening up a national employee biometrics database to other countries. (more…)

Minnesota Public Radio is reporting on an opinion (pdf) from the Minnesota Court of Appeals concerning privacy. The case, Yath vs. Fairview Clinics, involves a medical clinic employee posting onto MySpace some embarrassing personal information from a patient’s medical file. One of the questions involved whether “an Internet posting on MySpace.com constitute ‘publicity.’” The court held, “the publicity element of an invasion-of-privacy claim is satisfied when private information is posted on a publicly accessible Internet website.” The court reasoned:

The MySpace.com webpage that triggers Yath‘s claim was such a site.  Access to it was not protected, as some webpages are, by a password or some other restrictive safeguard.  It was a window that Yath‘s enemies propped open for at least 24 hours allowing any internet-connected voyeur access to private details of her life.  The claim therefore survives the “publicity” challenge.

(more…)

Wired News reports on a class-action lawsuit filed concerning a 2006 data security breach tied to the Department of Veterans Affairs. In May 2006, an unencrypted laptop and hard drive containing sensitive data on 26.5 million current military personnel, veterans, and their spouses were stolen from a Veterans Affairs’ employee’s home.

Wired reports:

The 11th U.S. Circuit Court of Appeals, in largely dismissing a class-action, ruled Wednesday that the veterans could recoup at least $1,000 under the Privacy Act if they could show financial damages, not mental anguish. (more…)

There have been two recent articles about medical identity theft, which has affected 250,000 people, according to (pdf) the Federal Trade Commission. The World Privacy Forum has excellent resources on medical identity theft and recently released ”A Patient’s Guide to HIPAA: How to Use the Law to Guard your Health Privacy.”

The Las Vegas Sun reports:

[Medical identity theft is] a growing fraud that experts say can be far more destructive than other forms of ID theft. People who discover their bank accounts have been compromised can dispute charges and set up credit monitoring services. People whose medical identities are stolen, however, have no clear-cut way to correct inaccurate records or challenge false insurance claims. Straightening out stolen health care is a red tape nightmare, complicated by strict patient privacy laws and the paper-shuffling bureaucracy of insurance providers.

This isn’t just maddening, it’s potentially dangerous. An impostor’s medical procedures can contaminate the victim’s records — if the fake Bennett gets a Type A blood transfusion, for example, doctors looking through the real Bennett’s records after a serious car accident might reasonably assume it’s the type he needs, even if that’s incorrect. (more…)