TwinCities.com reports on a case concerning the storage of newborn babies’ blood in Minnesota. I’ve written before about the unauthorized or unknowing retention and use of babies’ blood samples for purposes other than disease screening. The Washington Post has written about the ethics and privacy issues when children’s medical data is collected and retained without parents’ knowledge or consent. In mid-2010, Texas announced that, as part of a lawsuit settlement agreement, it would destroy five million blood samples taken from babies and used for research without their parents’ consent. The blood was originally gathered to screen for birth defects. Privacy issues connected to newborns’ blood samples have been raised internationally, as well. In New Zealand, the Privacy Commissioner warned against expanding the use of such genetic data beyond disease testing, noting DNA is the “ultimate marker of identity.” A Tel Aviv University researcher’s article in Science said we don’t know the future privacy or civil liberty implications of distributing children’s genetic data.

TwinCities.com reports:

Adding to a national debate that pits privacy concerns against medical researchers, the Minnesota Supreme Court ruled Wednesday that a lower court must reconsider a challenge to the state Health Department’s practice of storing blood samples from newborns indefinitely.

Attorneys for plaintiffs in the case said the ruling means the Health Department might be forced to destroy nearly 1 million blood samples that researchers have drawn on for limited medical research purposes since 1997. [...] Read more »

The New York Times reports on plans by the Afghanistan government concerning the biometric data of residents and visitors to the country:

Since September, Afghanistan has been the only country in the world to fingerprint and photograph all travelers who pass through Kabul International Airport, arriving and departing.

A handful of other countries fingerprint arriving foreigners, but no country has ever sought to gather biometric data on everyone who comes and goes, whatever their nationality. Nor do Afghan authorities plan to stop there: their avowed goal is to fingerprint, photograph and scan the irises of every living Afghan.

It is a goal heartily endorsed by the American military, which has already gathered biometric data on two million Afghans who have been encountered by soldiers on the battlefield, or who have just applied for a job with the coalition military or its civilian contractors.

The Kabul airport program is also financed by the United States, with money and training provided by the American Embassy. Americans, like all other travelers, are subject to it. [...] Read more »

The Sacramento Bee reports on a medical data security breach that affects more than 4 million patients:

A Sutter Medical Foundation computer stolen in mid-October held information on more than 4 million patients, some dating back to 1995, Sutter Health officials said Wednesday.

The information, primarily demographic, but also containing descriptions of medical diagnoses and procedures, was stored on a password-equipped but unencrypted desktop computer in the administrative offices of Sutter Medical Foundation in Natomas, said Sutter Health spokeswoman Nancy Turner. [...] Read more »

MinnPost reports on a hearing held by Sen. Al Franken (D-Minn.) as chairman of the subcommittee on Privacy, Technology and the Law of the Senate Judiciary Committee concerning medical privacy:

Sen. Al Franken made it clear Wednesday he’s a big proponent of converting medical records to digital form, but he acknowledged the “very real and very serious privacy challenges” that come with doing so.

Franken convened his second hearing as chairman of the Senate Subcommittee on Privacy, Technology and the Law on Wednesday to address just that topic. His main complaint: federal agencies directed to enforce digital medical record regulations enacted by Congress have not yet done so. Read more »

The Los Angeles Times reports on a security breach concerning the privacy of patient data at UCLA Health System. Note that though the hard drive containing the medical data was encrypted, the password was written on a piece of paper near the drive:

The UCLA Health System is warning thousands of patients that their personal information was stolen and they are at risk of possible identity theft, officials said in a statement released Friday.

Officials don’t believe the information has been accessed or misused but are referring patients to a data security company if their name and credit are affected.

Altogether, 16,288 patients’ information was taken from the home of a physician whose house was burglarized on Sept. 6, according to the UCLA Health System. [...] Read more »

In the latest issue of the Boston University Journal of Science and Technology Law, there is an interesting article, “Privacy and Security in Implementation of Health Information Technology: US/EU Compared” (BU pdf; archive pdf). Here’s the abstract:

The importance of the adoption of Electronic Health Records (EHRs) and the associated cost savings cannot be ignored as an element in the changing delivery of health care. However, the potential cost savings predicted in the use of EHR are accompanied by potential risks, either technical or legal, to privacy and security. The U.S. legal framework for healthcare privacy is a combination of constitutional, statutory, and regulatory law at the federal and state levels. In contrast, it is generally believed that EU protection of privacy, including personally identifiable medical information, is more comprehensive than that of U.S. privacy laws. Direct comparisons of U.S. and EU medical privacy laws can be made with reference to the five Fair Information Practices Principles (FIPs) adopted by the Federal Trade Commission and other international bodies. Read more »