In a rare enforcement action of HIPAA, HHS fined an Arizona health care provider $100,000 for a variety of HIPAA violations, especially regarding electronic exchanges of protected health information. The HHS document outlining the reasons for the fine should act as a wake-up call to health care providers using public email, calendaring, and other tools for communication of ePHI. HHS specifically noted that the fined health care provider did not conduct an adequate risk assessment prior to using the email and Internet tools. The full HHS document is a must-read for health care providers. WPF has been warning about the need for full e-risk assessments since 2005 and strongly advocates for medical-identity-theft-specific risk assessments.
WPF comments on Multi-Stakeholder Process — WPF filed two sets of comments with the US Department of Commerce regarding the MultiStakeholder Process and the privacy topics to be taken up. The first set of comments was WPF’s formal filing of the joint Civil Society MultiStakeholder Principles on behalf of WPF and the American Civil Liberties Union, Center for Digital Democracy, Consumer Action, Consumer Federation of America, Consumers’ Union, Consumer Watchdog, Electronic Frontier Foundation, National Consumers’ League, Privacy Rights Clearinghouse, and US PIRG. The second set of comments was WPF’s own comments to the Department. WPF urged the Department to employ a fair process, choose focused topics, and apply the full range of the Consumer Privacy Bill of Rights to each topic.
Data Broker opt out — WPF, in 2011 comments to the FTC, urged the FTC to create a centralized place for consumers to opt out of data broker tracking. This is a long-standing issue WPF has worked on. Previously, WPF filed a petition in 2009 to the FTC regarding mail-in data broker opt-outs, which resulted in an FTC action and improvements for consumers. In its new report published today, the FTC has picked up WPF’s centralized opt-out recommendation, specifically citing WPF’s comments. From its report: “The Commission recommends that the data broker industry explore the idea of creating a centralized website where data brokers that compile and sell data for marketing could identify themselves to consumers and describe how they collect consumer data and disclose the types of companies to which they sell the information.” The WPF strongly supports this idea and views assistance to consumers in this area as vital.
The FTC’s new privacy report — a long-awaited planbook for privacy in the digital age – has picked up several key recommendations the WPF has made. First, the report picks up WPF’s direct recommendation in its 2011 comments that the FTC set up a centralized web site to allow consumers to opt out of data brokers. The FTC has directly called for this as a primary part of its report. The WPF strongly supports this. Pam Dixon of the WPF originated the Do Not Track idea in 2007, and with a group of privacy experts, submitted the original idea to the FTC that year. Now, DNT has also made it into the final FTC report.
Following WPF on Facebook — WPF maintains an active Facebook page, and it features slightly different content than our home website. For Facebook, we make regular newsfeed postings about WPF activities and also post content for people who want to follow privacy via their Facebook newsfeeds. This past week, stories we’ve posted include a report on the economics of privacy, the new Pew study on privacy, a privacy-related human interest story, and news about the VZBW lawsuit in Germany against Facebook. It’s not the only way to keep up with WPF, but if you are on Facebook a lot, it is a good way. Our page is located