The pendulum swings again...
Happy to report a great
win for the ACLU in U.S. v. Katzin. From the decision
issued today by the Third Circuit Court of Appeals:
The instant case … calls upon us to decide two novel issues of Fourth
Amendment law: First, we are asked to decide whether the police are
required to obtain a warrant prior to attaching a GPS device to an
individual’s vehicle for purposes of monitoring the vehicle’s
movements (conduct a “GPS search”). If so, we are then asked to
consider whether the unconstitutionality of a warrantless GPS search
may be excused for purposes of the exclusionary rule, where the
police acted before the Supreme Court of the United States proclaimed
that attaching a GPS device to a vehicle constituted a “search”
under the Fourth Amendment. For the reasons discussed below, we hold
that the police must obtain a warrant prior to a GPS search and that
the conduct in this case cannot be excused on the
basis of good faith. Furthermore, we hold that all three
brothers had standing to suppress the evidence recovered from Harry
Katzin’s van. We therefore will affirm the District Court’s
decision to suppress all fruits of the unconstitutional GPS search.
You can access the full
opinion here.
Patients lie. Will
reading their Tweets or looking at their Facebook page reveal the
truth?
Art Caplan poses an
interesting ethical question:
A friend recently brought to my attention a disturbing question from a
psychiatrist working with a transplant team: Should she be checking
the sobriety claims of liver transplant candidates by looking on
their Twitter and other social media sites? That question merits
discussion because it’s clear both doctors and patients are
entering a new world of uncertain medical privacy due to Twitter,
Facebook, Google+ and other outlets.
Read more on NBC.
Would this reduce
bullying? After all, unlike the First Amendment, “It's for the
children!”
Lorraine Bailey
reports:
A mother sued Twitter for the identities of people who impersonated her
daughter on the social media site, tweeting in her name “my passion
is being fat,” “free hand and blowjobs call me,” and posting
her phone number and picture online.
The mother sued Twitter on behalf of her minor daughter, in Cook County
Court.
She seeks a court order compelling Twitter to release the identities of
people who set up two Twitter accounts.
Read more on Courthouse
News. Twitter suspended the two accounts.
Get the government to
give your clients money to use your free service? Now that's a
business model! (and like Facebook, it has a few “Privacy
issues”)
Kashmir Hill writes:
Medical records start-up Practice Fusion has attracted a whopping
$134 million in venture capital
thanks to its appealing business model: it offers 100,000 (and
counting) medical types free, web-based patient management services.
The doctors get for free something that’s usually
quite expensive, while cashing in on $150 million (so far) in
government incentives to adopt electronic health record
technology. Practice Fusion gets an attractive platform of doctors
that medical labs, hospitals and medical billers pay to access. “Our
community drives $100 billion in spend,” says CEO Ryan Howard. The
start-up also gets data on 75 million patients’ health conditions
and prescriptions, which it de-identifies and then makes
available to analysts, pharma companies, and market research types,
who also pay. You can see why a VC firm like Kleiner Perkins put $70
million into the start-up this September, valuing it at $700
million. It’s like Facebook but with tons of
valuable medical data.
But the start-up could have a big privacy problem thanks to a doctor
review site it launched in April. ‘Patient
Fusion’ debuted with 30,000 doctor profiles and a stunning two
million reviews, all from verified patients of the doctors. The site
came as a surprise to some doctors – who knew the start-up
emailed their patients appointment and prescription reminders but
didn’t realize it had been reaching out to their patients after
visits asking for reviews. And it is likely a surprise to
some of the patients whose reviews are available publicly on the
site. There are candid reviews with sensitive medical data and
“anonymous reviews” that contain patients’ full names and/or
contact details, suggesting they didn’t realize that what they were
writing was going to be made public.
Read more on Forbes.
This sounds like a
HIPAA/CMIA/FTC nightmare brewing. Practice Fusion has a lengthy
privacy policy that says, in part:
Confidentiality of Health Information: Some of our users – such as
healthcare providers – are subject to laws and regulations
governing the use and disclosure of health information they create or
receive. Included among them is the Health Insurance Portability and
Accountability Act of 1996 (“HIPAA”), the Health Information
Technology for Economic and Clinical Health of 2009 (“HITECH”),
and the regulations adopted thereunder. When we store, process or
transmit “individually identifiable health information” (as such
term is defined by HIPAA) on behalf of a health care provider who has
entered a Healthcare Provider User Agreement, we do so as its
“business associate” (as also defined by HIPAA). Under this
agreement, we are prohibited from, among other things, using
individually identifiable health information in a manner that the
provider itself may not. We are also required to, among other things,
apply reasonable and appropriate measures to safeguard the
confidentiality, integrity and availability of individually
identifiable health information we store and process on behalf of
such providers. To see our Healthcare Provider User Agreement, and to
specifically review our business associate obligations, please review
Sections 4.1.8 and 9 of that agreement. We are also subject to laws
and regulations governing the use and information of certain personal
and health information, including HIPAA, when we operate as a
business associate of a healthcare provider.
If patients weren’t
properly informed about the public nature of their feedback and
didn’t provide informed consent, I’d say that Practice Fusion has
a whopping HIPAA privacy disclosure breach on its hands. Hopefully,
HHS is looking into this whole thing. And if healthcare providers
didn’t fully understand how Practice Fusion would be using the
information provided, then that’s a second round of
complaints/matter to be investigated.
Bad laws never die,
they do morph and change names and attract lots of lobbying money.
Dana Liebelson reports:
This summer, when Edward Snowden dropped his bombshell about PRISM, the
NSA’s vast Internet spying program, the House had recently passed a
bill called the Cyber
Intelligence Sharing and Protection Act (CISPA). Widely criticized
by privacy advocates, CISPA aimed to beef up US cybersecurity by
giving tech companies the legal freedom to share even
more cyber information with the US government—including the content
of Americans’ emails, with personal information
intact. CISPA supporters, among them big US companies such as Verizon
and Comcast, spent 140 times more money on lobbying for the bill than
its opponents,
according to the Sunlight Foundation. But after Snowden’s leaks,
public panic over how and why the government uses personal
information effectively killed the bill. Now that the dust has
settled a bit, NSA director Keith Alexander is publicly
asking for the legislation to be re-introduced, and two senators
confirmed that they are drafting a new Senate version.
“I am working with Senator Saxby Chambliss (R-Ga.) on bipartisan
legislation to facilitate the sharing of cyber related information
among companies and with the government and to
provide protection from liability,” Sen. Dianne
Feinstein (D-Calif.) told Mother Jones in a statement.
Read more on Mother
Jones.
Haven’t the big tech
companies and providers taken enough of a reputation hit already with
the Snowden leaks? Do they really want to come out and support more
data sharing without user consent or knowledge?
That a bill could be a
Good Thing for cybersecurity has never been disputed by the privacy
security. The problems were the lack of meaningful restrictions on
use of personally identifiable information. Until we see the
language of what Senator Feinstein is proposing, we simply won’t
know whether the same privacy concerns will continue or if our
concerns will be appropriately addressed. Given that it’s
Feinstein who’s the sponsor, however, I am not optimistic.
Interesting that parents (who are not “digital natives”) understand the
negative implications of technology when “educators” (and their
lawyers?) do not.
John Hildebrand
reports:
Angry parents worried about their children’s privacy are fighting New
York State’s planned turnover of 2.3 million public school
students’ names and records to a private, high-tech corporation
that will store and manage the records within a computerized “cloud”
service.
The release of data to inBloom Inc., a nonprofit based in Atlanta, will
include information on about 400,000 students on Long Island and is
set to occur this fall or winter, officials said.
Read more on Newsday
(sub. req.). The state, of course, is
minimizing/denying parental concerns:
State education officials, who have worked with inBloom since 2011 to
establish the “cloud” project, said parents’ fears were
unwarranted.
InBloom will never release student information without permission from local
districts, state and corporate officials said, and the data cannot be
sold. The service will provide a high degree of data security
through sophisticated encryption, they said.
Notice that there is no
provision for parents to opt-out – or better yet, opt-in – as it
is up to others to determine whether data will be shared.
And those in the state
who are relying on assurances of data security should spend a week or
so reading my blogs, including databreaches.net, to see how many
supposedly secure databases get hacked or compromised on a daily
basis.
Not so surprising...
“Many eyes, shallow
bugs.” Perhaps the HealthCare.gov
gang that couldn’t code straight had never heard this
software mantra. One can’t be sure. The Centers for Medicare and
Medicaid Services, the agency overseeing the technically
troubled Affordable Care Act exchanges, has done a far better
job concealing the details of its systems design, development, and
deployment practices than producing working websites. IT experts
uncharitably observe that what the President describes as “glitches”
are symptomatic of deeper digital dysfunctions. Are they right?
Should I believe this
or is this 'The Onion' of Washington DC?
Exclusive: White House Official Fired for Tweeting Under Fake Name
A White House national
security official was fired last week after being caught as the
mystery Tweeter who has been tormenting the foreign policy community
with insulting comments and revealing internal Obama administration
information for over two years.
For my students who read...
5 Places To Read Fiction Online – For Free!
Classic Reader
Classic Reader is a website dedicated to the classics. This site is a gold
mine for lovers of classic literature as well as school students who
want to read without having to purchase their own copies.