The Federal Trade Commission and Department of Health and Human Services have announced a settlement with Rite Aid concerning the privacy of the financial and medical data of its users.

The FTC began its investigation following news reports about Rite Aid pharmacies using open dumpsters to discard trash that contained consumers’ personal information such as pharmacy labels and job applications. At the same time, HHS began investigating the pharmacies’ disposal of health information protected by the Health Insurance Portability and Accountability Act (HIPAA).

This is the second case in which the FTC and HHS coordinated their investigations and settlements. The agencies resolved similar allegations with CVS Caremark in February 2009.

According to the FTC’s complaint, Rite Aid failed to use appropriate procedures in the following areas: Read more »

The New York Times reports on the issue of genetic privacy as it relates to so-called “familial searching” of DNA databases. This type of search is controversial because the “near-match” person is not suspected — but that person’s relatives are. (Last year, George Washington law professor Jeffrey Rosen had an excellent article about increasing pressure for the expansion of familial searches of DNA databases.)

Although Britain has been using the technique for years, familial searching in the United States is the Botox of criminal investigation. Early-adopter states like California and Colorado have tried it, like it and plan, where appropriate, to use it again. The wait-and-see states are holding out while they consider the potential side effects and longer-term social ramifications. [...]

But the immediate concern is that kinship searches could produce a long list of convicted felons who are only partial matches to an unidentified suspect. The risk is that the police, while looking for a suspect’s family members, might intrude on people who have not committed a crime. Some lawyers call it guilt by genetic association. Read more »

The BBC reports on law enforcement developments in the United Kingdom and Europe:

Home Secretary Theresa May says the UK will opt in to an EU order allowing foreign police to be given evidence held in the UK. The European Investigation Order makes it easier for police to investigate suspects living in each other’s states. [...]

Critics predict forces will end up wasting resources working on unjustified investigations that breach civil liberties.

Under the current system, EU police forces who want to investigate a suspect in another member state ask their counterparts for help through special agreements called Mutual Legal Assistance. [...] Read more »

USA Today reports on the use (or avoidance) by doctors of social-networking sites such as Facebook or Twitter. Some cite medical privacy concerns as reasons to avoid social-networking sites.

Jeff Livingston, who spearheaded [one Irving, Texas, OB-GYN practice's] venture into social media, also manages the @ macobgynTwitter account, which has about 1,600 followers. He sees Facebook as an educational and, perhaps just as important, marketing tool. “People are looking for information online,” Livingston says. “I wanted them to look at our page.”

But few doctors have embraced social media as enthusiastically as he has. Concerns about time and patient privacy have deterred many.

“No matter how you parse it, doctors don’t avoid the Internet and social media because they’re simply Luddites,” Westby Fisher, an Evanston, Ill., cardiac electrophysiologist, wrote last month on his blog, Dr. Wes. “They avoid the Internet because they enjoy the benefits of anonymity, privacy, efficiency and legal protection that come with dropping off the grid.” [...] Read more »

The Department of Health and Human Services has published a notice of proposed rulemaking to modify the HIPAA privacy, security and enforcement rules. The department said:

The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009, is designed to promote the widespread adoption and standardization of health information technology, and requires HHS to modify the HIPAA Privacy, Security, and Enforcement Rules to strengthen the privacy and security protections for health information and to improve the workability and effectiveness of the HIPAA Rules. Read more »

The News Leader reports on a change by the commonwealth of Virginia designed to protect the privacy of disabled drivers:

To protect personal information, disabled parking placards issued after July 1 will no longer display the name, birthdate or gender of the placard holder since they are displayed on a vehicle’s rear view mirror in public view. [...]

While parked in a disabled parking space, Virginia law requires placard holders to carry the disabled parking identification card they received from the Department of Motor Vehicles along with their placard. They must present it to law enforcement officers if requested. The placard ID card does not have a photograph, but has the customer’s name, address, placard number and expiration date.

Customers with temporary or permanent disabled placards issued before July 1 can use tape to permanently cover their name and birthdate on the placard.

DMV offers disabled parking placards and plates for customers with temporary or permanent disabilities that limit or impair their mobility. They are also available to customers with conditions that create a safety concern while walking such as Alzheimer’s disease or lung-related diseases.