New Guidance for Employers Conducting Background Checks

By Angela Galloway

Employers who investigate workers' criminal or credit backgrounds may want to review federal guidelines released March 10.

The joint publication of the Federal Trade Commission and the Equal Employment Opportunity Commission provides detailed guidance for employers who check into the criminal or credit histories of applicants or employees. “Background Checks: What Employers Need to Know” aims to guide employers in complying with federal laws that prohibit workplace discrimination and regulate commercial background reporting agencies.

Separate laws restricting employers’ ability to request and/or rely on such background checks have also been enacted by many states and cities, including Seattle and San Francisco.

The publication released today offers guidelines for developing policies and practices that avoid improper practices or discriminatory employment decisions. For example, the report advises:

Continue Reading...

FTC's 50th Data Security Settlement Sends a Message: Be Careful with Overseas Contractors

By Adam H. Greene, Rebecca L. Williams, and Sarah S. Fallows

 
The Federal Trade Commission (FTC) sent a message about the importance of imposing appropriate security measures on—and monitoring—vendors with access to confidential consumer information. The FTC issued a 20-year consent order with GMR Transcription Services (GMR) over its overseas contractor’s data security breach. The decision marks the FTC’s 50th information security settlement and fifth health information complaint (four of which have settled). For health care providers and business associates, the GMR settlement suggests that the FTC has higher expectations than HHS regarding management and oversight of vendors and other downstream subcontractors, especially when these vendors are outside of U.S. jurisdiction. The GMR settlement did not involve security failures by GMR itself, but by a subcontractor, Fedtrans.
 

Supreme Court Considers Damages for Privacy Violation's Emotional Harm

By Adam H. Greene

On Nov. 30, 2011, the U.S. Supreme Court held oral arguments in Federal Aviation Administration v. Cooper, No. 10-1024. At issue in the case is whether the plaintiff is entitled to damages under the Privacy Act of 1974 for emotional distress caused by the government’s disclosure of his HIV status, including “sleeplessness, loss of appetite, physical tension, agitation, isolation from friends and anxiety.”


California Breach Disclosure Law Now Covers Medical Records

By Charlene Brownlee

California extended its data breach notification law to include incidents involving electronic medical and health insurance information. California's data breach law, SB 1386, had previously covered only financial records. The new law, AB 1298, took effect January 8, 2008. The law adds medical and health-related information to the existing breach notification law definition of "personal information" and expands the application of the Confidentiality of Medical Information Act (CMIA) to include any business organized for the purpose of maintaining medical information.
 


So When Did Protecting Privacy Become Unconstitutional?

Posted by Thomas Jeffry

The clash between privacy advocates and those companies that make millions of dollars collecting and selling data about pharmaceutical prescription patterns was perhaps inevitable. When the State of New Hampshire passed the Prescription Confidentiality Act last year, leading health information brokers were quick to challenge the law, which prohibited prescription information records that contain identifiable data about a patient or prescriber from being transferred, licensed, sold, or used for most commercial purposes. The Act specifically precluded the use of prescriber-identifiable data for "physician detailing" used by pharmaceutical companies to track the prescribing habits of physicians in order to target individual sales pitches to such physicians.


Should Privacy/Security be the scapegoat for the slow adoption of IT in health care?

Posted by Thomas Jeffry

Intel CEO Paul Otellini was quoted recently in the Financial Times attacking the healthcare industry as "the slowest moving industry in the world" because it was the least penetrated by IT.

Mr. Otellini’s comments follow several post-mortem reports posted last week by Health Affairs discussing the reasons for the demise of the Santa Barbara County Care Data Exchange (SBCCDE) last December. SBCCDE was considered a pioneer for community-based electronic health information exchange (HIE), also known as a regional health information organization (RHIO). In principle, HIEs are intended to create a simple and secure way to electronically share patient data between health care providers, caregivers, and consumers.


Watching Them Watching Us

Posted by Thomas Jeffry

An interesting development from the American Medical Association is worth noting.

The AMA House of Delegates met in Chicago at the end of June, where it received a report previously requested by that group’s governing body on the medical and ethical implications of the use of implantable radio frequency identification (RFID) microchips in humans. RFID chips were approved for use in humans by the Food & Drug Administration in 2004. Similar versions of such chips are commonly used to tag pet dogs and cats for identification purposes.


Medical Records: Who Owns the Information?

Posted by Peerapong Tantamjarik

In today's New York Times, Dr. Klitzman, a psychiatrist at Columbia University, writes a short essay describing how a mother reviewed her paper medical chart at a clinic and, without informing any clinic staff, removed certain pages from her records. Those pages contained information revealing that she was at risk for Huntington's Disease, a fatal genetic disorder from which the famous folk singer Woody Guthrie died. As the mother put it, "I stole it for my kids' sake" - which is not all too hard to fathom. She was frightened that because Huntington's is hereditary, her kids would be denied health coverage if insurance companies found out about it.


Electronic Health Records

Posted by Brian Bennett

The Chairperson of the House Federal Workforce subcommittee, Jon C. Porter, is proposing legislation to promote the use of electronic health records in the federal employee health insurance program. Health information technology is viewed by many health professionals as an important step towards the availability of accurate and complete patient information, and ultimately cost-effective treatment of patients. Privacy advocates are concerned about threats to patient privacy posed by a national electronic health records system. Congressman Porter says that he would expect electronic medical records to be at least as safe as transactions involving financial information, which may not be much comfort to federal employees given the spate of recent data breaches.

Give Me (Secure) Electronic Health Records, Or Give Me Death

Posted by Peerapong Tantamjarik

In a recent poll conducted for the Markle Foundation, an information technology policy organization, over 70% of Americans favored the use of electronic health records that can be accessed over the internet. The poll results have made national news. President George Bush has called for nationwide paperless health records by 2014, and the survey reports that four in five Americans (80%) believe that if physicians kept electronic medical records on their patients, health care quality would improve and medical errors would be reduced, because authorized doctors would be able to retrieve a patient's medical history in a matter of seconds. An equal number (81%) believe that the ability of researchers to review millions of records anonymously to determine best treatment practices would help all doctors improve the quality of medical care.


Health Privacy Compromised, But When Is It Okay To Share?

Posted by Peerapong Tantamjarik

While not involving computer hackers, here's a story about an old-fashioned invasion of privacy. The Kansas City Star reported on September 28th that a University of Missouri hospital faces a class-action lawsuit after allegedly releasing confidential medical records for hundreds of patients to a company it hired to solicit business. The suit was filed earlier this year on behalf of approximately 800 patients with liver diseases, including hepatitis C. The complaint alleges that records were turned over by University Hospital's internal medicine chairman to a home health care provider dba Option Care, who then allegedly called the patients in an effort to sell them antiviral drugs and keep them in the hospital network. The Option Care nurse who contacted the patients using the list from the hospital stated that the calls were not for solicitation, but for patient safety.
