Monday, March 24, 2008


On February 27 of this year I posted on the new trend of health data collection, “Warning Out on Health Data Storage Sites,” which commented on Microsoft’s Health Vault, already up and running, and a Google version we should be seeing soon. There are mixed emotions about this new concept of databases; on the negative side by privacy advocates, but on the positive side, it could save lives. It could also kill you, as expressed in a World Privacy Forum report that we will get to in a later post on this subject. But today I want to concentrate on what’s being done about the problem that is said to be much more destructive than financial identity theft: medical identity theft, which represents close to 15 percent of all personal data breaches.

According to a recent article on Yahoo Finance, the pharmaceutical company Amgen is being sued for lost pay by two sales representatives because they refused to go along with a scheme for them to search doctors’ confidential patient medical records. They were allegedly supposed to look for potential patients to push Amgen’s new drug, Enbrel, to treat psoriasis. Legal experts say this violates the federal patient privacy law, the Health Insurance Portability and Accountability Act (HIPAA). The Amgen sales reps were supposedly instructed to ask doctors if they could go through files to identify the patients they were looking for. Does that mean some doctor, or maybe several, allows this practice? I’m asking my doctors now, and suggest that you also question yours. Haven’t these people already heard enough horror stories from HIPAA violations? If the docs do allow it, they too are guilty of disregarding HIPAA.

And then there were the hospital breaches of George Clooney’s and Britney Spears’ private records, reported by the New Hampshire Union Leader and SC Magazine. I don’t care if it is celebrity curiosity; it clearly shows how lax the security was at both hospitals.

As usual, California leads the way when it comes to the privacy of its residents. On January 1, 2008, the Golden State expanded the data notification law to include medical information and insurance data. The law requires businesses or persons conducting business in the state with personal information on individuals to disclose any breach of their system, and disclose it “in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement.” The three main parts of the law’s expansion are:

1) medical and health insurance information are now included;
2) it also applies to companies like Microsoft’s Health Vault and Google’s similar program;
3) in their freeze law, public records are no longer covered.

It was this law, California S.B. 1386, that exposed ChoicePoint’s breach back in early 2005, actually the breach that got business, government agencies, and Congress thinking about the identity crisis. Unfortunately for many in business and government, and all of both the Senate and the House of Representatives, that’s as far as it has gone. As of March 22, 2008, there have been 829 breaches of personal data, exposing 223,142,082 private consumer records in just over three years, according to the Privacy Rights Clearinghouse chronology.
