The Associated Press reports on a lawsuit concerning patient privacy in Minnesota:

Attorney General Lori Swanson sued a debt collection agency that works with two Minnesota hospitals on Thursday, saying it failed to keep health care records for tens of thousands of patients confidential and did not tell patients just how much it was involved in their health care.

The lawsuit against Accretive Health Inc., a Chicago-based company that works with hospitals to maximize revenue, comes after an Accretive employee had a laptop stolen in July that contained the data of 23,500 patients of Fairview Health Services and North Memorial Health Care.

As authorities were investigating, they discovered Accretive had access to patient data through contracts with the hospitals, and used that data to assess patients’ “frailty” or risk of becoming hospitalized. Swanson said the agency shared its activities with investors on Wall Street “without the knowledge or consent of patients who have the right to know how their information is being used and to have it kept confidential.” [...]

The lawsuit claims Accretive violated state and federal health privacy laws, and state debt collection and consumer protection laws. It seeks an order that would require Accretive to tell patients what information it has on them, what information it lost, where it sent the information, and why it has the information in the first place. Read more »

InformationWeek reports that a man hacked into a medical database to steal patient information:

Eric McNeal, a 38-year-old information technology specialist from Atlanta, Ga., has been sentenced for hacking into the patient database of a former employer, stealing patient information, and then deleting the information from the system.

For his crime, McNeal was sentenced on Jan. 10 to serve 13 months in prison with three years of supervision after his release. McNeal also was ordered to perform 120 hours of community service. [...]

According to court documents, McNeal, who pleaded guilty to the charge on Sept. 28, worked as an information technology specialist for APA, a perinatal medical practice in Atlanta. He left APA in November 2009, and subsequently joined a competing perinatal medical practice, which was located in the same building as APA.  Read more »

The Washington Post reports on possible privacy questions surrounding new technology featured at the Consumer Electronics Show in Las Vegas:

The thousands of devices debuting Tuesday at the Consumer Electronics Show here demonstrate how tech companies are poised to gather unprecedented insights into consumers’ lives — how much they eat, whether they exercise, when they are home and who they count as friends. [...]

Coming soon are Internet connected refrigerators, washing machines and other appliances that may be able to deliver information to third parties, such as utilities.

All that has some tech experts and lawmakers concerned that consumers, in their rush to snap up the latest gadgets, may be sacrificing privacy. Read more »

The Department of Homeland Security’s Privacy Office has released a privacy impact assessment, “Future Attribute Screening Technology (FAST)/Passive Methods for Precision Behavioral Screening, DHS/S&T/PIA-012(a)” (DHS pdf; archive pdf); this is an update to a Privacy Impact Assessment (pdf) released in 2008. FAST, which I wrote about four years ago, seeks to divine an individual’s criminal or benign intent from a bio scan, and members of Congress have raised privacy questions concerning the technology.

According to DHS, “FAST seeks to improve the screening process at transportation and other critical checkpoints by developing physiological and behavior-based screening techniques that will provide additional indicators to screeners to enable them to make more informed decisions. FAST is not intended to provide ―probable cause for law enforcement processes, nor would the technology replace or pre-empt the decisions of human screeners.”

Now, according to the new PIA:

The FAST research is adding a new type of research, the Passive Methods for Precision Behavioral Screening (hereinafter FAST/Passive). The purpose of the FAST/Passive study is to build upon existing FAST research using volunteers and increase the performance of FAST primary screening procedures and to increase the ability to differentiate malintent through the inclusion of passive stimuli. The aim of the FAST/Passive study is to devise passive stimuli that will evoke malintent cues and incorporate these stimuli into the FAST screening project. [...] Read more »

Last week, the BBC News reported that British Prime Minister David Cameron said he sought  change so that the National Health Service could automatically opt-in all of its patients so their medical data would be used for research. A patient would have to opt-out if he or she did not want the personal medical data to be shared. Cameron said that the data would be “anonymized,” but there are questions about anonymization and de-anonymization. (I’ve discussed de-anonymization and its privacy risks before.)

Now, the Guardian looks at the issues of anonymity, identification and patient data:

The prime minister said last week that plans to share records and other NHS data would make it easier to develop and test new drugs and treatments. The [Department of Health] says all necessary safeguards would be in place to ensure protection of patients’ details.

But Ethics and Genetics, a social and technology campaign group, says freedom of information requests show that under certain circumstances data anonymity would not always be guaranteed. Read more »

NPR reports on medical privacy and smartphone apps:

The American Medical Association just rolled out a shiny new iPhone app, My Medications, that you can use to keep track of your meds.

Mobile medical apps are a hot market, but unlike “Angry Birds,” they’re not just harmless fun. Some come with real privacy risks.

Sure, many medical apps are pretty benign. People use them to track how they’re doing with their diets or to help them stop smoking. But apps are also being used to monitor their blood sugar, chart blood pressure and screen for depression. You might be a little more concerned about strangers finding out that information. [...]

One big issue: Medical apps aren’t covered by a federal privacy law, known as HIPAA, that controls how doctors and health care providers store and share patients’ health information. [...] Read more »