HIPAA Basics: Medical Privacy in the Electronic Age

Kaye Beach

July 31, 2011

This is a recently updated HIPAA fact sheet from Privacy Rights Clearinghouse.  With the advent of Electronic Health Records and other digital health initiatives, this is a invaluable resource.

1. Introduction

Today you have more reason than ever to care about the privacy of your medical information. Intimate details you revealed in confidence to your doctor were once stored in locked file cabinets and on dusty shelves in the medical records department.

Now, sensitive information about your physical and mental health will almost certainly end up in data files. Your records may be seen by hundreds of strangers who work in health care, the insurance industry, and a host of businesses associated with medical organizations. What’s worse, your private medical information is now a valuable commodity for marketers who want to sell you something.

The Health Insurance Portability and Accountability Act (HIPAA) was passed by Congress in 1996 to set a national standard for electronic transfers of health data. At the same time, Congress saw the need to address growing public concern about privacy and security of personal health data. The task of writing rules on privacy eventually fell to the U.S. Department of Health and Human Services (HHS). After several modifications, DHHS issued the HIPAA Privacy Rule.

The Privacy Rule was effective on April 14, 2003, for most health care providers, health plans, and health care clearinghouses. Small plans had until April 14, 2004 to comply.

If you expect HIPAA to restore your confidence that sensitive medical data is a matter between you and your doctor, you will be disappointed. HIPAA sets the standard for privacy in the electronic age where health industry, government, and public interests often prevail over the patient’s desire for confidentiality.

This guide explains the complex provisions of HIPAA’s Privacy Rule as well as recent measures to strengthen privacy and data security as the country moves closer to a system of electronic health records. It covers HIPAA’s high points and low points regarding your health privacy. For more information on HIPAA and additional rules that are not explained here, go to the References section at the end of this guide.

Read more

Revised June 2011

[Also see our FAQ on medical privacy.]

1. Introduction
2. HIPAA Privacy Rule: Benefits and Shortcomings
3. Who Is Covered by HIPAA? Who Is Not Covered?
4. Medical Information: What Does HIPAA Cover?
   What Is “Protected Health Information?” What Is “Minimum Necessary?”
5. Control of Your Medical Information: ” Consent” and “Authorization”
6. More About Your Right to Access Your Medical Records
7. Your Health Records and Your Employer
8. Your Health Records and the Government
9. Your Health Information and Your Credit Report
10. HIPAA and Your Daily Routine
11. Complaints and Penalties for Violations
12. The HIPAA Security Rule
13. Electronic Health Records (EHRs)
14. The 2009 Stimulus Law, Electronic Health Records, and Privacy
15. Health Information Privacy in California
16. Tips for Safeguarding Your Medical Information
17. References and Resources

Law Enforcement to Use Facial Recognition Equipment

Kaye Beach

July 30, 2011

“Surveillance comes with a price. It dulls the edge of public debate, imposes a sense of conformity and introduces the uneasy feeling of being watched. It chills culture and stifles dissent. … The new legal authorities and the government’s partnership with private information companies now pose a direct threat to this three-decade-old effort toward openness. … Their capabilities have raced far ahead of the nation’s understanding and laws. The legacy of these efforts will be with us for many years.”

Robert O Harrow- Nowhere to Hide

by Raven Clabough

July 14, 2011

July Law enforcement officers across the country are preparing to make widespread use of facial recognition equipment to identify people based on a picture of their face or a scan of their iris, or on a fingerprint reader. And concerns have already been raised among the liberty-minded over how the information would be gathered and used. The Mobile Offender Recognition and Information System (MORIS), produced by B12 Technologies of Plymouth, Massachusetts, runs on the iphone platform. B12 officials report that the company already has contracts with 40 government agencies to deliver 1,000 devices

Read More

Meet the ‘Keyzer Soze’ of Global Phone-Tracking

From WIRED

JULY 18, 2011

Chances are you’ve never heard of TruePosition. If you’re an AT&T or T-Mobile customer, though, TruePosition may have heard of you. When you’re in danger, the company can tell the cops where you are, all without you knowing. And now, it’s starting to let governments around the world in on the search.

The Pennsylvania company, a holding of the Liberty Media giant that owns Sirius XM and the Atlanta Braves, provides location technology to those soon-to-be-merged carriers, so police, firefighters and medics can know where you’re at in an emergency. In the U.S., it locates over 60 million 911 calls annually. But very quietly, over the last four years, TruePosition has moved into the homeland security business — worldwide.

Around the world, TruePosition markets something it calls “location intelligence,” or LOCINT, to intelligence and law enforcement agencies. As a homeland security tool, it’s enticing. Imagine an “invisible barrier around sensitive sites like critical infrastructure,” such as oil refineries or power plants, TruePosition’s director of marketing, Brian Varano, tells Danger Room. The barrier contains a list of known phones belonging to people who work there, allowing them to pass freely through the covered radius. “If any phone enters that is not on the authorized list, [authorities] are immediately notified.”

TruePosition calls that “geofencing.” As a company white paper explains, its location tech “collects, analyzes, stores and displays real-time and historical wireless events and locations of targeted mobile users.”

Read more

Massachusetts DMV Facial Recognition FAIL-lawsuit to follow

                                                                                                                                            Kaye Beach

July 24, 2011

This gentleman driver got a shock when he was informed that he must cease driving because his license had been revoked.

The Massachusetts DMV (like most state DMV’s) is collecting the facial biometrics of every driver and then using that data to enter each unwitting person into a digital line up that pits their puss against the mugs of fraudsters.

Remember the quaint notion of “presumption of innocence”?

Mr Gass  unfortunately got  fingered  as a bad guy by the less than flawless technology.  Now he is suing for his trouble.

From Boston.com

July 17, 2011

Caught in a dragnet

A fraud prevention system erroneously revoked his license, and now he’s suing for his hardship

read more

India’s Biometric ID: Optimism beats evidence

Kaye Beach

July 23, 2011

Biometrics for identification is not working as advertised and the word is getting out.

A few months ago on AxXiom For Liberty Live,  we spoke with David Moss, IT Specialist, Researcher and longtime campaigner against the UK’s biometric ID scheme.

“Optimism beats evidence in the drive to fingerprint the world” according to David Moss.

David’s work proves that India’s plan to bio metrically identify and number 1.2 billion of India’s people is bound to fail.  India’s ID card scheme – drowning in a sea of false positives by David Moss

This article, Aadhaar: on a platform of myths, published in The Hindu on July 17, 2011,  attacks “three big myths” about India’s biometric ID (called Aadhaar).

The author, R. Ramakumar writes;

It is said that the greatest enemy of truth is not the lie, but the myth. A democratic government should not undertake a project of the magnitude of Aadhaar from a platform of myths. The lesson from the U.K. experience is that myths perpetrated by governments can be exposed through consistent public campaigns. India direly needs a mass campaign that would expose the myths behind the Aadhaar project

Myth #3 deals with the enormous amount of errors that this system would produce.

There is no doubt that the system is unworkable and contrary to the governments expressed desire to use the ID system to help the people, this plan would actually cause hardship for many of the people enrolled.

Who really benefits from mass enrollment in India’s biometric identification system, Aadhaar?  It is NOT the people!

Please share this information and help India get the mass campaign they need to expose and stop this awful program from being forced upon them.

Aadhaar: on a platform of myths

The Aadhaar project, just as its failed counterpart in the U.K., stands on a platform of myths. India needs a mass campaign to expose these myths.

. . .The experience with identity cards in the United Kingdom tells us that Mr. Blair’s marketing of the scheme was from a platform of myths. First, he stated that enrolment for cards would be “voluntary”. Second, he argued that the card would reduce leakages from the National Health System and other entitlement programmes; David Blunkett even called it not an “identity card,” but an “entitlement card.” Third, Mr. Blair argued that the card would protect citizens from “terrorism” and “identity fraud.” For this, the biometric technology was projected as infallible.

Read more

Oklahoma Kids Rounded Up, Hauled Off While Parents’ Backs Were Turned

Kaye Beach

July 23, 2011

Imagine leaving a theater with your child at just before 11pm in the evening.  You ask your young one to wait in front of the theater while you retrieve the car and swing around to pick them up.  When you pull up to collect your child only minutes later, he or she is no where to be found.

Read this article.

BY BRYAN DEAN

Published: July 20, 2011

Oklahoma City Police Chief Bill Citty agreed Tuesday his officers made mistakes Saturday when they rounded up about 20 teenagers on curfew violations in front of the Harkins Bricktown Cinema and hauled them away in what one parent described as a “paddy wagon.”

Read more: http://mood.newsok.com/oklahoma-city-parents-complain-police-wrongly-rounded-up-teenagers-in-bricktown/article/3587106#ixzz1Sxm2y0ug

Virtual Alabama

Kaye Beach

July 23, 2011

“The real danger is the gradual erosion of individual liberties through automation, integration,

and interconnection of many small, separate record-keeping systems, each of which alone may seem innocuous, even benevolent, and wholly justifiable.”  U. S. Privacy Study Commission

GIS stands for  Geographic Information System

“GIS is a computer system for capturing, storing, checking, integrating, manipulating, analyzing  and displaying data related to location. What separates GIS from other types of information/databases is that everything is based on location (georeference).”

 Link  

“GIS organizes geographic data so that a person reading  a map can select data necessary for aspecific project or task. A thematic map has a table of contents that allows the reader to add layers of information to a basemap of real-world locations. For example, a social analyst might use the basemap of Eugene, Oregon, and select datasets from the U.S. Census Bureau to add  data layers to a map that shows residents’ education levels, ages, and employment status.” Link

Read more about GIS “Getting the Gist of GIS“

Here is an excerpt about a program called Virtual Alabama which is based on GIS  from Surveillance in the Time of Insecurity By Torin Monahan

Pg 44-49

“Virtual Alabama”

Virtual Alabama is a complex database replete with three-dimensional imagery of most of the state (including, for example, buildings, roadways, power plants, refineries, and airports), GIS overlays for additional contextual information, building schematics, video surveillance access for all public cameras, algorithmic scenarios for likely direction of chemical plumes in case of a toxic release, and so on (see figure 1).

Modeled after the Google Earth platform, this science fiction- like surveillance system allows real-time access for all first responders in all counties within the state. James Walker explained that at first DHS had a very difficult time convincing local sheriffs that they should participate and share their data. This obstacle was overcome, however, when DHS promised to include a GIS overlay for all registered sex offenders in the state, showing exactly where each of them are supposed to be residing.

. . . The vision for Virtual Alabama, and for similar applications in other states, is to map everything and share data liberally. DHS envisions being able to share data regionally and nationally so that all emergency responders have access to the system, from local public safety providers to the National Guard—and, one must suspect, private contractors as well, especially because in addition to security contractor companies like Blackwater, which has been rebranded as “Xe Services,” fire departments have jumped on the privatization bandwagon too.27 DHS would like to achieve total “situational awareness” from the system, including real-time GPS data on the location of all state troopers, real-time readouts of available beds in hospitals, and GIS overlays for hunting licenses issued and chicken farms (in case of an avian flu outbreak).

There may be perks for businesses too. James Walker said that he would like to make the data available to corporations as an incentive for them to relocate to Alabama. Or, he continued, insurance companies and FEMA might like to have access to before-and-after aerial photographs of disaster sites so that they can determine who should really qualify for reimbursement to repair damaged property. In other words, this high-tech security application can be used to protect the assets of private companies or the state from the “security threat” of fraud.

. . . What is glaringly absent here is any discussion of the extent to which systems like Virtual Alabama could create new security threats. The detailed mapping of critical information can be as dangerous as it is useful if it falls into the “wrong hands.” This possibility, however, is not on the agenda of those advocating for such systems, which reveals that the goal of generating profitable data may be just as important as protecting the public, if not more important.

. . . the privacy of individuals is at significant risk with current levels of liberal data sharing among private companies and government agencies, along with the absence of serious privacy regulations in the United States.29 DHS Fusion Centers promise to institutionalize the data sharing that has been ad hoc to date. Second, while it is unclear if Google or similar companies will have access to data entered into security applications like Virtual Alabama, the centralized stockpiling of diverse data elements will certainly allow for intensified surveillance of people, whether for purposes of public safety, consumer marketing, fraud detection, or other unimagined possibilities enabled by these systems.  The limited information currently available on these nascent systems indicates that DHS is more than willing to approve the sharing of public data with private companies to encourage them to relocate their businesses or help them detect fraud. It is only a matter of time before other mutually profitable—but probably liberty-decaying—arrangements are discovered.

Read More

Santa Cruz County Sheriff Facilitating Illegal Installation of Smart Meters

Kaye Beach

July 22, 2011

From Santa Cruz Indymedia posted July 20, 201

Santa Cruz, CA– This morning at approximately 7:45am, Santa Cruz County Sheriff’s Deputies responded to a “smart” meter protest at the Wellington Energy yard at 38th and Portola in the unincorporated Opal Cliffs area of Santa Cruz County where PG&E contractors Wellington Energy are based. Wellington has been installing wireless “smart” meters throughout the county, violating ordinances in Capitola, Watsonville, and the County that prohibit installations due to urgent concerns about health impacts from the meters’ wireless pulses, which have been measured at 100 times the strength of a cell phone , as well as privacy violations, ongoing accuracy issues and a series of fires and explosions caused by the new meters.

Thousands of people have submitted written health complaints to the California Public Utilities Commission (CPUC), and in May the World Health Organization made an earth shattering declaration- that non-ionizing radiation from cell phones, cell towers, wifi, and “smart” meters, has been linked with a number of cancers. “Smart” meter radiation is now categorized as a class 2b carcinogen in the same cancer causing category as lead, DDT, and engine exhaust. Nevertheless, PG&E continues to maintain that their meters are safe. The utility has been citing the World Health Organization’s past reassurances in their public statements. Now, they are no longer referring to the health issue at all, as no independent health organizations will back up their reassurances of safety. Instead, they recently mailed a 4 page glossy brochure to every household in Santa Cruz County, stating that “smart” meters will “cool the planet” despite PG&E’s own admission that the program has not reduced a single kwh of energy use despite more than 80% of the meters already being installed throughout California.

Read more

Civil Disobedients Take 2 on AxXiom For Liberty Live July 22 6-8pm CST

Kaye Beach

July 22, 2011

Listen to AxXiom For Liberty Live on Rule of Law Radio Network tonight from 6-8pm CST

How Free Do You Want To Be?

Howard and I are excited to be welcoming back Adrian Wiley and Joel and Robert Chandler!

Listening info here

These guests represent the ground level labor of individuals who are putting it all on the line to preserve and protect our Liberty.

 

In the last “Civil Disobedients” show aired on June 10, 2011, one of our “disobedients” was Adrian Wiley, co host of Liberty Underground, an AM radio show on WTAN Clearwater Florida.

Adrian, also the Chairman of the Libertarian Party of Florida took a stand against waiving his Fourth Amendment rights in the state of Florida in order to get his REAL ID card.

Fla. Libertarian Party Chairman to Surrender Driver’s License in Real ID Protest

Florida now requires that all driver’s license and state ID card applicants be subjected to a “digital facial image capture” that is compatible with facial recognition software.  Wyllie believes that all of these intrusive requirements are a violation of the Fourth Amendment to the U.S. Constitution, and his ultimate goal is to challenge Real ID in court.

Read more

Adrian surrendered his license and has been cited for the offense of traveling without a driver’s license.

Apparently it took some effort to get local law enforcement to pay attention to Adrian’s non-compliance.  Story and video here

Adrian Wiley will be with us tonight to update on his situation and explain the real problems that REAL ID presents for ordinary Americans.
Lifting the Fog

We are pleased to have Joel and Robert Chandler back to update us on their work in the State of Florida championing transparency.

Though not violating the law in any shape form or fashion, Joel and Robert Chandler are still getting plenty of attention from public officials and law enforcement.

Joel and Robert are the two gentlemen from Florida that broke open the story about Florida toll booth operators detaining people who tried to pay their toll fee in cash.  The travelers were forced to give up all kinds of personal information before they were permitted to be on their way.  Joel and Robert filed a lawsuit.

As we found out when we spoke to then two last, records requested by Joel and Robert revealed that law enforcement seemed to be keeping a very close eye on them.  What is their crime?  Nothing more than asking for public records that is the clearly legal right of every Floridian.

Listen to the April 8, 2011 broadcast- A4L_2011-04-08_64k.mp3

 

Here is the latest opacity and outrage encountered by the pair.

From Fogwatch.org

Public Records Lawsuit Filed Against Corrections Corporation of America

July 1, 2011

…On June 3, 2011 Robert and I visited Moore Haven Correctional Facility for the express purpose of inspecting and photographing non-exempt public records.  The records requested were the visitor logs from the previous weekend.  There is no statutory exemption of these records from public access.

The response of Assistant Warden Douglas Fender was to deny access to public records, threaten criminal prosecution and to demand that deputies from the Glades County Sheriff’s office confiscate and destroy the our photographic equipment.  Douglas Fender summoned three sheriff’s deputies and one state trooper who subsequently detained us for almost one hour inside the prison.

Before the we were released we were issued a written trespass warning and told that if we EVER return, even for the purpose of making a public records request, we will be arrested.

Read More

Be sure to read The Florida Center for Investigative Reporting coverage of the excellent work of these gentlemen in a multi-part series.

$100 Bill Takes Toll, Part 1

My Oklahoma Biometric Boondoggle

Back in June, on our first civil disobedience show, I had just begun my legal journey resulting from my inability to obtain a valid license that doesn’t violate my rights.  My traffic court date was yesterday and I will tell you the outcome of that event tonight.  (See my “My Real ID Reckoning” and “Today was a good day for freedom: Kaye Beach’s legal journey moves forward” for more.)

America is open for business! US-China Conferences in Utah

Kaye Beach

July 20, 2011

“In welcoming China, Europe is swimming with the tide of history; America is struggling against it.”

That is the most coherent quote from this tail-chasing article from the Economist on Chinese direct investments abroad.  The article mostly seems to argue that Americans ought to get over it like the Europeans have and welcome our communist friends in with open arms.  Of course, the article then goes on to admit the English (that is the people of England!) find getting into bed with China almost as distasteful as their American counterparts.You can read that article, Welcome, bienvenue, willkommen, here

Should we welcome China with open arms?  I remain unconvinced.

After reading this report written by Amanda Teegarden, Executive Director of OK-SAFE (Oklahomans for Sovereignty and Free Enterprise) who was our eyes and ears at  the recent US-China Conferences held last week in Utah, I am even less enthusiastic.

Exclusive reporting by OK-SAFE;

Imagine “The Best Little Whorehouses in…uh, Utah?” U.S.-China 2011 Conferences

“On behalf of the people of Utah, I beg you for your continued partnership with Utah” Utah Governor Gary Herbert to the Chinese officials and business interests present at the U.S.-China 2011 Trade, Education & Culture Conference, 7-14-11

Read the report