Category:

Privacy & Security

FISA Section 702 and the Fading Future of Effective Surveillance Laws in the Midst of Governmental Mishaps

Section 702 of the Foreign Intelligence Surveillance Act (FISA) allows the United States government to obtain access to the communications (e.g. emails) of non-U.S. citizens without a warrant. The rationale behind the law is its potential for use in gathering intelligence on potential terrorists and potential terrorist activity. The law has become controversial because intelligence on U.S. citizens has incidentally occurred as well, as emails and phone calls from U.S. citizens have been contained in intelligence-storing databases. As the law expires at the end of 2017, Congress is considering changing the ways intelligence is collected pursuant to the collection procedures stipulated under the law. 

When Selfies Go Wrong

On September 25th, a former Okaloosa County, Florida paramedic, Christopher Wimmer, was sentenced to six months jail time and three years’ probation for taking “selfies” with incapacitated victims in ambulances last year and sending them to a co-worker. He and his co-worker, Kaylee Renee Dubois, were engaged in a “selfie war” with each other and snapped images and videos of patients in ambulances who were unconscious, sedated, intoxicated, or incapacitated. In total, 101 photos, 64 videos, and 41 patients were photographed or recorded during the so-called war, and a mere three patients consented to photographs being taken of them. Employees’ missteps with the privacy rights of patients have a negative lasting effect on their employer, their own career, and their patients.

Cybersecurity Breaches Increasing in Healthcare Organizations

According to data from HHS’ Office of Civil Rights (OCR), healthcare data breaches in 2017 are set to outpace those from 2016. Security experts have determined this increase is due to two factors: getting entry into a system has become easier, and organizations are now more inclined to report breaches. Yet despite the increase in data breaches and the costs of settling with HHS OCR, a majority of healthcare organizations are still only spending 1-6% of their budgets on cybersecurity measures.

Privacy in Insecurity

Though the rain has stopped falling, Houston is still dealing with the aftermath of Hurricane Harvey, one of the largest and most destructive rainfall events on record. Healthcare providers in particular find themselves struggling to keep up with the various health problems caused by the flooding itself, on top of getting life-sustaining care to individuals with chronic or preexisting conditions. Crises like Harvey create serious problems for the delivery of care, but also for regulating it—circumstances are so uniquely devastating that standards can feel like barriers to necessary medical attention. And when family and friends are desperate to know if their loved one is out of danger, even the right of privacy seems negligible.

However, natural disasters and emergency events shouldn’t be used as an excuse to regulate away protections individuals depend on, such as the privacy and confidentiality of their personal information. Regulators must be careful when determining how to respond in a crisis—overreaching for the sake of bringing relief or under-regulating for flexibility can leave the public high and dry when the floodwaters recede.

Securing All The Things: Cybersecurity, D-Link, and the Expansion of IoT

The internet of things (IoT) holds promise for new ways to interact with and leverage technology; however, ever-expanding connectivity brings increased vulnerability. Addressing security and privacy issues is necessary for the continued growth of the IoT—and, as the U.S. Federal Trade Commission’s case against  D-Link Corporation demonstrates, one of vital interest to regulatory lawmaking bodies as well.

Bose Accused of Blasting Consumer Listening Habits to Third Parties

Global music technology giant and headphone maker, Bose Corporation, has been hit with a class-action lawsuit alleging that Bose collected the listening preferences of the users of its wireless headphones and its companion application without their knowledge and sold that information to third parties. Counsel representing the class filed the complaint in federal court in Chicago, Illinois alleging violations of the Electronic Communications Privacy Act (“ECPA”) and the Illinois-specific Eavesdropping Statute.

Golden State Warriors Run Afoul to the Electronic Communications Privacy Act

The 2016 National Basketball Association Champions, the Golden State Warriors, have been accused of wiretapping and listening in to fans’ conversations without consent or knowledge in violation of the Electronic Communications Privacy Act (“ECPA”), also referred to as the Wiretap Act. A new amended complaint alleges the warriors recorded fans’ oral dialogue via a phone application typically used to keep fans up-to-date on team scores, schedules, news, and statistics.

HIPAA Punctuality: Always Insist On It In Your Subordinates

In an unprecedented act, the Office for Civil Rights (OCR) entered into a settlement agreement with Presence Health Network based on the healthcare system’s failure to timely report a breach of unsecured protected health information (PHI). Under the Breach Notification Rule of the Health Insurance Portability and Accountability Act (HIPAA) a covered entity must notify affected individuals, the Department of Health and Human Services (HHS), and the media for breaches affecting 500 people or more. Presence Health will pay $475,000 and implement a corrective action plan (CAP) to address misunderstandings in workforce member roles and responsibilities relating to the notification process.

OCR Audits Subject To Phishing Hack

Christine Bulgozdi Associate Editor Loyola University Chicago School of Law, JD 2018   Back in November, the Department of Human Services (HHS) Office of Civil Rights (OCR) released an alert stating that a phishing scam masquerading as an OCR Audit had been spotted being sent out to Health Information Portability and Accountability Act (HIPAA) covered …
Read more

When Policies and Procedures Are Just Not Enough: Memorial Healthcare System Settlement

Alexander Thompson Associate Editor Loyola University Chicago School of Law, JD 2018   On February 16, 2017, the HHS Office of Civil Rights Acting Director, Robinsue Frohboese, announced the second largest HIPAA settlement fine ever. At $5.50 million, Memorial Healthcare System’s fine was just behind the $5.55 million given to Advocate Healthcare in 2016. Memorial …
Read more