This week a judge ordered that the approximately 10 million records of California students held by the California Department of Education will not be turned entirely over to a group of community nonprofits in the Morgan Hill case. Instead, the judge ordered that several smaller databases may be turned over ...
This week the New York Times reported that some California members of health insurer Anthem Blue Cross received disturbing emails with exposed subject lines related to their sensitive medical information. From the article: " But the emails’ subject lines included member-specific demographic details like age range and language. They also ...
Learn to protect mobile users and build safe mobile apps at the Mobile Privacy Summit Oct. 23 in Los Angeles. The office of California Attorney General Kamala Harris and the Federal Trade Commission join WPF's Pam Dixon and other privacy experts to discuss best practices and regulatory requirements you should be aware of to ensure the privacy of mobile app users. Registration is free of charge.
San Diego -- The California AG's office and the US Federal Trade Commission are holding a mobile privacy summit October 23, in Santa Monica, California. The emphasis of the event is to learn how to protect consumers and build safe mobile apps, and is directed at app developers and businesses. ...
WPF's new interactive map identifies Health Information Exchanges in California. A Health Information Exchange, or HIE, is technology that enables the electronic movement of health-related information among health care providers and others. HIEs are an increasingly popular way for hospitals, pharmacies, labs, and emergency room physicians to share patient information. HIEs can exchange records across one hospital, across multiple hospitals in a region, or across a whole state. If your health information is being shared through an HIE, your lab test results, medications, medical history, or other clinical information related to your health care may be included in the sharing. See more about HIEs and our California HIE Map here.
This FAQ, glossary, and tipsheet about Health Information Exchanges is designed to work in tandem with our HIE map and directory of California HIEs, available here. If you have questions about HIPAA beyond those answered here, please see our extensive resource, A Patient's Guide to HIPAA.
Data breach -- The state of California issues a first-ever statewide data breach report. In 2012, 2.5 million Californians had their data breached. Of those breached, the study found that The report found that "1.4 million Californians would have been protected if companies had encrypted data when moving or sending the data out of the company’s network."
Senior ID Theft and privacy -- Pam Dixon speaks to Los Angeles County social workers and financial abuse support teams today to share WPF's wealth of information about medical identity theft and how this crime impacts seniors. WISE and Healthy Aging is hosting this important meeting.
Reputation and privacy -- Pam Dixon spoke at the Southwestern Law School Privacy Conference on the topic of reputational privacy Friday the 22cnd along with Neville Johnson and Paul Tweed. Dixon highlighted three key consumer situations WPF assisted with recently, discussing the employment challenges consumers faced when harmful material was available online during the job search process.
July 21, 2012 San Diego, California -- Today the World Privacy Forum filed comments on California's plan to harmonize existing California state law to federal health privacy laws. California's health privacy law, the CMIA, offers Californian's stronger privacy protections than national level health privacy laws. WPF urges California to reconsider its plan to weaken Californian's privacy. Executive director Pam Dixon said "The harmonization plan coming out of California's Department of Health and Human Services is not in harmony with California patients and their health privacy."
New California privacy enforcement office -- California Attorney General Kamala Harris has created a new privacy protection and enforcement unit. The unit will be housed in the Department of Justice and will focus on protecting consumer and individual privacy through civil prosecution of state and federal privacy laws, a news release said. "The Privacy Unit’s mission to enforce and protect privacy is broad. It will enforce laws regulating the collection, retention, disclosure, and destruction of private or sensitive information by individuals, organizations, and the government. This includes laws relating to cyber privacy, health privacy, financial privacy, identity theft, government records and data breaches. By combining the various privacy functions of the Department of Justice into a single enforcement and education unit with privacy expertise, California will be better equipped to enforce state privacy laws and protect citizens’ privacy rights. " Joanne McNabb, who ran the now de-funded California Office of Privacy Protection, will serve as director of privacy education and policy for the unit.
HIE interactive map -- WPF has posted a new interactive map of health information organizations and exchanges in California. This is a map-in-progress, and we will be adding data to the map in stages.
Mobile Apps -- Pam Dixon will be speaking in the Privacy Summit Series in dialogue with the leading mobile app developers in Los Angeles and San Diego, both mobile app hotspots. The dialogues are part of a national series aimed at fostering a robust discussion between privacy experts and leading developers. The Los Angeles event is taking place June 5, the San Diego event is June 6.
California privacy -- The just-published California budget nixes the California Office of Privacy Protection, the first state-level privacy office in the United States and the source of crucial privacy assistance and information for Californians and California businesses. The World Privacy Forum is urging the Governor to reinstate funding for this critical office for Californians.
California has proposed regulations for health information exchange projects in the state. WPF has submitted comments encouraging more privacy protections, and we are joined in our comments by Privacy Activism and the Center for Digital Democracy. One key request in the comments is that California not allow patient consent to be waived in HIE projects. We are also requesting that California create a unified web listing of its HIE projects for increased transparency and to facilitate patient access to HIE information and policies.
Data brokers -- WPF will be speaking at the CFP conference on two panels. On June 15, Pam Dixon will participate in a plenary session on data brokers. On June 16, Dixon will moderate a health care privacy panel. This panel will focus on electronic health care in the state of California and the current privacy issues in electronic health exchange.
California health privacy -- The World Privacy Forum, as co-chair of the California Privacy and Security Advisory Board, was pleased to vote on an opt-in privacy standard for Californians in the June CalPSAB board meeting. The standard will be part of a set of guidelines the state of California uses in its development of electronic health care records. This set of guidelines was the culmination of two years of policy work with the CalPSAB board.
Cloud computing -- The World Privacy Forum sent a letter to Los Angeles Mayor Villaraigosa today expressing concerns and questions about a proposed contract to move the city of Los Angeles' email and some other computing tasks to a cloud-based system. The Forum expressed concerns in particular about the lack of contractual protection for health data, AIDs data, genetic information, domestic violence and sexual assault victim information, among other sensitive information. The Forum suggested the city undertake an independent and thorough risk assessment prior to completing the contract, and suggested a robust public comment process that includes all stakeholders. The City will take up the issue of this contract at a city council Information Technology Committee meeting on Tuesday July 21. The World Privacy Forum published a detailed analysis of the privacy issues of cloud computing in February which outlines the challenges and ambiguities that governments and others face as they make decisions about what data to put in the cloud.
The World Privacy Forum sent a letter to Los Angeles Mayor Villaraigosa today expressing concerns and questions about a proposed contract to move the city of Los Angeles' email and some other computing tasks to a cloud-based system. The Forum expressed concerns in particular about the lack of contractual protection for health data, AIDs data, genetic information, domestic violence and sexual assault victim information, among other sensitive information. The Forum suggested the city undertake an independent and thorough risk assessment prior to completing the contract, and suggested a robust public comment process that includes all stakeholders. The City will take up the issue of this contract at a city council Information Technology Committee meeting on Tuesday July 21. The World Privacy Forum published a detailed analysis of the privacy issues of cloud computing in February which outlines the challenges and ambiguities that governments and others face as they make decisions about what data to put in the cloud.
Resource -- A substantial new resource for individuals seeking to research California laws and regulations regarding health information has come online. The CHILI database is a project of the California Office of Health Information Integrity, and has interfaced with the California Privacy and Security Advisory Board, which the World Privacy Forum co-chairs. The CHILI database can be searched by HIPAA section, California Code section, California health information law keywords, or by statutory scheme.
Biometrics and ID -- The California DMV (Division of Motor Vehicles) has proposed, through an expedited 30- day process, that it begin taking detailed facial scans of drivers and storing the scans in a state-wide database. This change, among other proposed DMV changes, represents a substantial policy shift for the state of California. The World Privacy Forum has urged that this process goes through normal legislative procedures so that there is adequate time for public input and for formal hearings.
Internet privacy -- The World Privacy Forum, Privacy Rights Clearinghouse and EPIC were joined by California-based EFF, the ACLU of Northern California, Consumer Action, Consumer Federation of California and other national groups in asking Google's CEO Eric Schmidt to provide a prominent link to the Google privacy policy directly from its home page. Google has recently been criticized for not providing a link to its privacy policy from its home page, as the California Online Privacy Protection Act requires. The groups noted that linking to a privacy policy on a home page is considered a widespread best practice.
Announcement | CalPSAB -- WPF executive director Pam Dixon has been appointed by California Secretary of Health and Human Services Kim Belshe to the California Security and Privacy Advisory Board. Dixon will serve as interim co-chair of the board, which is tasked with addressing health information exchange (HIE) privacy and security efforts in California. The board's meetings will be open to the public.