Category Archives: Privacy

High-Tech Medical Records: Can electronic records transform health care?

Source: Kory Mertz and Donna Folkemer, State Legislatures, June 2008

In the middle of a legislative session, a veteran legislator from an out-county district walks into the ER near the Capitol complaining of a headache and nausea. He is handed a stack of forms to fill out. Unable to recall most of this information, he is forced to leave many fields blank, including the names of his many prescriptions. To fill in all the missing information the doctor has to run a host of tests, some very expensive. The legislator is sent home to await the test results feeling no better than when he arrived. The state foots the bill.

This is the current state of affairs in health care. Now envision this situation transformed by information technology.

The legislator enters the ER and a nurse pulls up his complete electronic health record within seconds. No forms to fill out, no prescriptions to remember. The doctor reviews the lawmaker’s record and notices that his five medications were prescribed by four different specialists. After speaking with the patient, the doctor deduces the symptoms are likely the result of a bad prescription interaction. Checking her findings with a computer system that helps make clinical decisions, the doctor prescribes an alternative medication and updates the patient’s record. The prescription is electronically sent to a pharmacy of the legislator’s choosing. No paper, no agonizing wait for the legislator and no redundant–and expensive–testing.

Former Speaker of the U.S. House of Representatives Newt Gingrich and others see health information technology (IT) as key to fixing a dysfunctional health-care system. “Health information technology is essential if we are to make any meaningful change, from reining in costs to improving the delivery of care to expanding insurance coverage. We simply cannot continue to prop up a 1950s paper-based system and expect anything to change,” says Gingrich, founder of the Center for Health Transformation.

Instant access to vital health information can save time, money and, ultimately, lives. When doctors see a patient’s complete medical history, they can make better decisions by preventing harmful drug interactions and eliminating duplicate tests or procedures. The Center for Information Technology Leadership estimates that this kind of technology would save $77.8 billion a year–or about 4 percent in a $2 trillion health system.

But moving health care into the digital age will be far from easy.

EPIC Report: “REAL ID Implementation Review: Few Benefits, Staggering Costs”

Source: Electronic Privacy Information Center

Throughout its history, the United States has rejected the idea of a national identification system. Yet, the Department of Homeland Security continues to push forward a system of identification that has been widely opposed. The REAL ID Act mandates that State driver’s licenses and ID cards follow federal technical standards and verification procedures issued by Homeland Security. REAL ID also enables tracking, surveillance, and profiling of the American public.

May 11, 2008 was the statutory deadline for implementation of the REAL ID system, but not one State is in compliance with the federal law creating a national identification system. In fact, 19 States have passed resolutions or laws rejecting the national ID program. The Department of Homeland Security has faced so many obstacles that the agency now plans an implementation deadline of 2017 — nine years later than the 2008 statutory deadline.

Homeland Security claims that it is making strides in implementing the national ID program. Homeland Security Secretary Michael Chertoff encourages the use of the REAL ID system for a wide variety of purposes unrelated to the law that authorized the system. In an opinion column written by Secretary Chertoff after the publication of the final rule in January, he said, “embracing REAL ID” would mean it would be used to “cash a check, hire a baby sitter, board a plane or engage in countless other activities.” None of these uses for the REAL ID have a legal basis. Each one creates a new risk for Americans who are already confronting the staggering problem of identity theft.

Last year, EPIC submitted detailed comments to the DHS on the draft proposal for REAL ID. With the assistance of many experts, we attempted to address the enormous challenge in the project proposal. In the following report, EPIC details the many problems with the final plan to implement this vast national identification system. The REAL ID system remains filled with threats to privacy, security and civil liberties that have not been resolved.

Full report (PDF; 450 KB)

Outbound Email and Data Loss Prevention in Today’s Enterprise, 2008

Source: Proofpoint, May 2008

From the press release:
In its fifth-annual study of outbound email and data loss prevention issues, Proofpoint, Inc. found that large enterprises continue to incur risk from–and take action against–information leaks over outbound email, as well as newer communications media such as blogs, message boards, media sharing sites and mobile devices.

41% of Large U.S. Corporations Employ Staff to Read Employee Email; 26% Terminated Employees for Email Policy Violations in the Past Year

11% Of U.S. Companies Disciplined Employees for Improper Use of Blogs/Message Boards; 13% for Social Network Violations; 14% for Improper Use of Media Sharing Sites

Consumers Union Calls For Limits on Social Security Number Use & Availability Identity Thieves Have Easy Access to Social Security Numbers Which Leaves Consumers Vulnerable to Fraud

Source: Consumer’s Union, Press release, December 11, 2007

WASHINGTON, D.C. – The widespread use and availability of Social Security numbers puts Americans at risk for identity theft and should be restricted, according to Consumers Union, nonprofit publisher of Consumer Reports.

The group urged policymakers to take action to protect consumers as part of a public forum on the issue organized by the Federal Trade Commission in conjunction with the President’s Identity Theft Task Force. Social Security numbers are particularly sensitive information because they can provide the key to unlocking a consumer’s financial identity.

See also:
H.R. 3046

REAL ID Final Rule

Source: U.S. Department of Homeland Security

From press release:
The U.S. Department of Homeland Security (DHS) announced today a final rule establishing minimum security standards for state-issued drivers’ licenses and identification cards. The rule sets uniform standards that enhance the integrity and reliability of drivers’ licenses and identification cards, strengthen issuance capabilities, and increase security at drivers’ license and identification card production facilities. The final rule also dramatically reduces state implementation costs by roughly 73 percent.

Final Rule, Part 1 (PDF, 120 pages – 4.2 MB)
Final Rule, Part 2 (PDF, 164 pages – 5.6 MB)
Privacy Impact Assessment for REAL-ID (PDF; 277 KB)

Privacy Rights Clearinghouse

Source: Privacy Rights Clearinghouse

The Privacy Rights Clearinghouse (PRC) is a nonprofit consumer organization with a two-part mission — consumer information and consumer advocacy. It was established in 1992 and is based in San Diego, California. It is primarily grant-supported and serves individuals nationwide.

The PRC’s goals are to:
•Raise consumers’ awareness of how technology affects personal privacy.
•Empower consumers to take action to control their own personal information by providing practical tips on privacy protection.
•Respond to specific privacy-related complaints from consumers, intercede on their behalf, and, when appropriate, refer them to the proper organizations for further assistance.
•Document the nature of consumers’ complaints and questions about privacy in reports, testimony, and speeches and make them available to policy makers, industry representatives, consumer advocates, and the media.
•Advocate for consumers’ privacy rights in local, state, and federal public policy proceedings, including legislative testimony, regulatory agency hearings, task forces, and study commissions as well as conferences and workshops.

Also in Spanish

RFID Technology in Workplace Raises Privacy Concerns

Source: Frederick Lane, IPMA-HR News, June 2007
(subscription required)

Will your next security badge be a small chip in your hand or forearm? Thanks to an emerging technology known as radio-frequency identification (RFID), that’s a distinct possibility. RFID is already in use in a wide range of applications, from electronic toll systems to retail inventory systems, and a number of companies are putting RFID chips on existing security badges. While there are no credible reports of companies or governmental agencies in the United States requiring their employees to get chipped, concerns about the possibility are strong enough that several state legislatures have passed or are considering legislation to outlaw the practice.

The Real ID

Source: Molly Ramsdell and Matt Sundeen, NCSL Legisbrief, Vol. 15 no. 22, April/May 2007
(subscription required)

In early March, the Department of Homeland Security (DHS) issued the long-awaited draft regulations on Real ID Act implementation. The Real ID Act of 2005 requires states to adopt federal standards for driver’s licenses and identification cards by May 11, 2008. If they do not, the federal government will not accept the driver’s licenses or identification cards for federal purposes—boarding commercial aircraft, entering a federal building or nuclear power plant, or other purposes as determined by the secretary of the Department of Homeland Security. DHS estimated the cost of implementation at $23.1 billion over 10 years; the states’ cost is $10 billion to $14 billion.
See also:
NCSL’s Countdown to Real ID
ACLU’s Real Nightmare

REAL Nightmare

Source: Ellen Perlman, Governing, Vol. 20 no. 9, June 2007

States are on the hook to turn driver’s licenses into secure ID cards. The size of the job is scaring them.

For the past five years, clerks at the Colorado Department of Motor Vehicles have been enforcing new rules for getting a driver’s license. It hasn’t been pleasant. As the new system has been put in place — a new requirement here, followed by another one there — DMV employees have been dressed down, yelled at, spat on and cursed by those in line.

This is not the usual situation at today’s DMVs, because states have gone to great efforts in the past decade to make license renewal a friendlier, more convenient experience — letting drivers renew online or by mail; putting small DMV offices in local shopping malls. But there’s a reason why Colorado clerks are under fire: The new rules, which have to do with creating a more secure license, have brought back long lines and frustrating misunderstandings about just exactly what documents drivers need to bring in and how long it will take the DMV to verify those papers. That’s why Colorado, which established its own rules for securing licenses, may be the best place to look to see what it’s going to be like when the REAL ID Act, the 2005 federal law that calls for a higher level of security for driver’s licenses, starts going into effect next year.

The Governor’s Database

Source: Jake Bernstein, The Texas Observer, Vol. 99 no. 8, April 20, 2007

Texas is amassing an unprecedented amount of information on its citizens

Piece by piece, Gov. Rick Perry’s homeland security office is gathering massive amounts of information about Texas residents and merging it to create the most exhaustive centralized database in state history. Warehoused far from Texas on servers housed at a private company in Louisville, Kentucky, the Texas Data Exchange—TDEx to those in the loop—is designed to be an all-encompassing intelligence database. It is supposed to help catch criminals, ferret out terrorist cells, and allow disparate law enforcement agencies to share information. More than $3.6 million has been spent on the project so far, and it already has tens of millions of records. At least 7,000 users are presently allowed access to this information, and tens of thousands more are anticipated.

What is most striking, and disturbing, about the database is that it is not being run by the state’s highest law enforcement agency—the Texas Department of Public Safety. Instead, control of TDEx, and the power to decide who can use it, resides in the governor’s office.