Intersection: Sidewalks & Public Space

Chapter by Melissa Ngo

"The Myth of Security Under Camera Surveillance"

  • Categories

  • Archives

    « Home

    Archive for the ‘Medical data’ Category

    InformationWeek: When Employees Steal Patient Records

    Thursday, April 10th, 2014

    InformationWeek reports on accusations of insiders misusing their access privileges in New York. We’ve seen the problems that arise when insiders abuse or misuse their access privileges to individuals’ data and violate the individuals’ rights. Such cases have occurred in: Tucson, Ariz., where University Medical Center officials fired three employees for violating privacy of patients connected to the shooting rampage of which Jared Loughner is accused; New York City, where a police sergeant pleaded guilty “to illegally entering a federal database and giving information from a terrorist watch list to an acquaintance to use in a child-custody case in Canada”; Ohio, where the Ohio Inspector General released a report (pdf) finding that state employees improperly accessed and distributed confidential state records related to Samuel Joseph Wurzelbacher, who gained fame during the 2008 election as “Joe the Plumber”; and the U.S. government, where the State Department found that federal employees repeatedly snooped into the passport files of entertainers, athletes and other high-profile Americans. The cases aren’t confined to the United States; for example, they’ve occurred in Canada and New Zealand.

    InformationWeek reports on a case concerning medical privacy in Queens, N.Y., as well as other cases in the United States:

    The Queens, N.Y., district attorney recently charged two employees of Jamaica Hospital Medical Center with illegally accessing emergency room patients’ medical records and personal identification information, and selling that data to individuals who then solicited services such as outpatient care or legal assistance — sometimes while patients were still in the ER. [...] Read more »

    UK Information Commissioner’s Office Fines Pregnancy Advice Service Over Privacy Breach

    Monday, March 10th, 2014

    The UK Information Commissioner’s Office announced that it has fined (pdf) the British Pregnancy Advice Service £200,000 “after a serious breach of the Data Protection Act revealed thousands of people’s details to a malicious hacker.”

    An ICO investigation found the charity didn’t realise its own website was storing the names, address, date of birth and telephone number of people who asked for a call back for advice on pregnancy issues. The personal data wasn’t stored securely and a vulnerability in the website’s code allowed the hacker to access the system and locate the information.

    The hacker threatened to publish the names of the individuals whose details he had accessed, though that was prevented after the information was recovered by the police following an injunction obtained by the BPAS. […]

    The investigation found that as well as failing to keep the personal information secure, the BPAS had also breached the Data Protection Act by keeping the call back details for five years longer than was necessary for its purposes.

    Economic Times: Indian government to set up Data Protection Authority to safeguard privacy

    Friday, February 21st, 2014

    The Economic Times reports that India is considering the creation of a data protection agency, which would seek to protect privacy:

    NEW DELHI: The government plans to set up a Data Protection Authority (DPA) that will rule on issues around privacy invasion and impose penalties on violations, moving strongly towards safeguarding individual privacy and defining invasion of privacy offences.

    The authority will “investigate any data security breach and issue appropriate orders to safeguard security interests of all affected data subjects in respect of any personal data that has or is likely to have been compromised by such breach,” according to a draft Right to Privacy Bill that was seen by ET.

    In the draft prepared for approval of a committee of secretaries, the government has proposed that all Indian residents shall have a right to privacy. Restrictions can be imposed only in accordance with the law and to meet specific objectives. Further, more extensive safeguards for privacy will override the Act in case of a conflict.  Read more »

    New York Times: Revelations by AOL Boss Raise Fears Over Privacy

    Thursday, February 13th, 2014

    The New York Times reports on fears about medical privacy amid the controversy over AOL CEO Tim Armstrong discussing two “distressed babies” and their connection to his company’s decision to cut employees’ benefits.

    Tim Armstrong, the chief executive of AOLapologized last weekend for publicly revealing sensitive health care details about two employees to explain why the online media giant had decided to cut benefits. He even reinstated the benefits after a backlash.

    But patient and work force experts say the gaffe could have a lasting impact on how comfortable — or discomfited — Americans feel about bosses’ data-mining their personal lives.

    Mr. Armstrong made a seemingly offhand reference to “two AOL-ers that had distressed babies that were born that we paid a million dollars each to make sure those babies were O.K.” The comments, made in a conference call with employees, brought an immediate outcry, raising questions over corporate access to and handling of employees’ personal medical data. [...] Read more »

    Opinion at Seattle Times: Fitness gadgets raise privacy concerns under new health insurance rules

    Tuesday, February 11th, 2014

    Brier Dudley, a technology columnist at the Seattle Times, discusses privacy concerns about fitness devices that gather data about individuals’ health:

    Outrage over NSA spying on Americans is nothing compared to how people may react to the upcoming collision with wearable computing, medical privacy and new insurance rules.

    You don’t need leaked documents to see it coming, though it took me awhile to connect the dots after seeing the bewildering array of new health and fitness-tracking gadgets shown at last month’s Consumer Electronics Show.

    The show was seen as a turning point for “wearables,” including watches, wristbands, headsets and other gadgets. The most popular wearables monitor physical activity and connect wirelessly to phones, which may then upload the data to online services. [...] Read more »

    World Privacy Forum: Paying out of Pocket to Protect Health Privacy

    Wednesday, February 5th, 2014

    The World Privacy Forum has released a new report, “Paying out of Pocket to Protect Health Privacy,” concerning the Health Insurance Portability and Accountability Act (HIPAA) and the right of patients to restrict disclosures about their medical information. Here’s the introduction:

    One of the most-discussed provisions in the changes to the HIPAA health privacy rule that became effective September 23, 2013, is the right for a patient to prevent a provider from reporting information to a health insurer if the patient pays in full. The new right sounds useful and may be helpful to some patients, but the pay-in-full option is laden with complexity. That is the subject of this report.

    The new right has several prerequisites. A patient has the firm right to demand that a health care provider not disclose the patient’s protected health information (PHI) to the patient’s health plan if these conditions are met: Read more »