Archive for privacey

Planned Parenthood has a history of failing to protect patient privacy under HIPAA

Posted in Center for Medical Progress, HIPPA, Planned Parenthood HPPA with tags , , , , , , , , , , , , , , , , , on November 28, 2017 by saynsumthn

Americans are told that abortion is a “right” based on privacy. But when abortion providers like Planned Parenthood violate the privacy of women, abortion-friendly media and politicians are silent.

Planned Parenthood receives half a billion dollars annually from taxpayers and claims the majority of these dollars are Medicaid reimbursements. According to the Centers for Medicare and Medicaid Services (CMS), recipients of government programs that pay for health care, like Medicaid, must comply with the Health Insurance Portability and Accountability Act known as HIPAA.

But is Planned Parenthood following HIPAA laws? Multiple instances of privacy breaches at Planned Parenthood say no.

The latest video released by the Center for Medical Progress (CMP) further confirms what many already know all too well: when it comes to the privacy of abortion patients, Planned Parenthood is anything but trustworthy. Former Stem Express procurement technician, Holly O’Donnell, told CMP that Planned Parenthood revealed private patient medical information to third party contractors at fetal tissue procurement agency StemExpress in order to meet the company’s quotas for harvesting body parts from Planned Parenthood abortions:

O’Donnell said Planned Parenthood staff provided StemExpress contractors with private medical information of pregnant women coming into Planned Parenthood: “We’d go to the head nurse, let the nurses know, hey, this is what I’m looking for today. They’d give you a sheet of the appointments, which women were coming in, and it would tell you how many patients, what time they were coming in, their name, and if they knew how far along they were.”

Clearly, disclosing patient names is a violation of HIPAA.

According to HHS, the Privacy Rule protects all “individually identifiable health information held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral… Individually identifiable health information includes many common identifiers (e.g., name, address, birth date, Social Security Number).”

In 2016, the Washington Times reported, “The day before abortions were scheduled to take place… StemExpress was notified by fax by the clinics and granted medical files on individual patients.” O’Donnell told CMP that Planned Parenthood handed over a list of patient names and other private information to third party contractors before these patients signed a consent to release their personal information.

O’Donnell also reveals that Planned Parenthood gave StemExpress access to patient medical charts and even to the clinics’ computer network to download patient schedules across the entire Planned Parenthood affiliate. Emails from StemExpress management instruct procurement technicians: “EVERY Friday – please provide schedules for all the clinics you work in,” and, “All computers have access to other clinics.”

While this should shock politicians and media alike, tragically, accusations of carelessness and lack of concern for patient privacy at Planned Parenthood is not new.

In September of 2016, Live Action News released a two-part series exposing the way Planned Parenthood and the general abortion industry recklessly handles patient privacy. In those reports were documented case after case where Planned Parenthood was given a slap on the wrist for violating patient privacy — and in the cases reviewed at that time, no civil penalties had been issued.

CMS states that the U.S. Department of Health and Human Services Office for Civil Rights “enforces the HIPAA Privacy, Security, and Breach Notification Rules. Violations may result in civil monetary penalties. In some cases, criminal penalties enforced by the U.S. Department of Justice may apply.”

Breaches expose thousands of individuals

1. Planned Parenthood of Greater Washington and North Idaho (PPGWNI): 10,700 individuals exposed

A review of archived privacy breaches on file with the Office for Civil Rights (OCR), which affect more than 500 patients, reveals that in August 2016, Planned Parenthood of Greater Washington and North Idaho (PPGWNI), reported a breach which exposed 10,700 individuals.

2. Planned Parenthood Southwest Ohio: 5,000 individuals exposed

Another breach report states that on October 1, 2014, Planned Parenthood Southwest Ohio disposed of binders containing protected health information (PHI) for 5000 individuals, including names, dates of birth, lab results, and medications. Exactly what occurred in the privacy breach? Planned Parenthood’s archived prescription dispensing logs and waived lab test logs were left in an unlocked closet after business hours and a custodian mistakenly put them in a trash dumpster. The following morning, the dumpster was emptied by the trash collector, who took it to be buried with other garbage at a landfill that same day. And, as Planned Parenthood often claims it does when it violates government requirements, Planned Parenthood told the OCR that they conducted an investigation and re-trained all staff regarding HIPAA policies and procedures.

3. Planned Parenthood of the Heartland: 2,506 individuals exposed

Still under investigation is a July 2016 breach report reported by Planned Parenthood of the Heartland. This breach for “Unauthorized Access/Disclosure” affected 2,506 individuals. No additional information is available from OCR; however, HIPAA Journal reported the following:

The health center permanently closed its doors to patients this April year and the premises was listed for sale and was sold. However, hard copies of patient files were left in the Dubuque health center. In April 2016, individuals entered the medical center and could potentially have viewed and/or copied patient files. The potential breach was discovered by Planned Parenthood on May 6, 2016. The files have now been removed from the premises and have been secured. Planned Parenthood said this was an isolated incident and is not representative of the stringent privacy standards usually maintained by the healthcare organization.

Health Care Compliance Association summarized another case where Planned Parenthood violated privacy of a patient.  In January 2017, HCCA wrote, “a complaint filed against Planned Parenthood alleged that an employee posted a description of the procedure the individual had performed at the clinic on the individual’s public Facebook page.”

In response, HCCA states, “OCR sent Planned Parenthood the regulatory section on reasonable safeguards
and encouraged it to “assess and determine whether there may have been noncompliance… and if so, to take steps to ensure such noncompliance does not occur in the future.”

Other breaches

In addition to those listed above, the following are known instances of privacy breaches at Planned Parenthood:

  • California Planned Parenthood patient reported that following her visit, she received two text messages from an anonymous number, reading, “Damn, you have an STD WOW.”
  • Napa Planned Parenthood receptionist admitted to state officials that she had looked at private patient records because she was curious.
  • Alleged Planned Parenthood patient wrote online, “a worker there told a family member of mine about my privacy.”
  • In 2011, OCR received a complaint alleging that a worker at Planned Parenthood in New York “impermissibly disclosed” the complainant’s health information to her sister’s friend.
  • In 2012, a complainant informed the governing body that she had received a call from Planned Parenthood of Northeast Ohio asking her to contact them regarding recent test results. During the call, it was determined that she was not the correct patient.
  • In 2013, OCR was notified that Planned Parenthood of Delaware violated the Federal Standards for Privacy of Individually Identifiable Health Information.
  • That same year, Melody Meanor, the former Health Center Manager of Family Planning at Planned Parenthood of Delaware in Wilmington went public to expose the center’s privacy policies. A video and transcript of her statement is available online.
  • In 2013, a complaint was filed against a Planned Parenthood in Chicago, Illinois, which alleged that an employee impermissibly disclosed her private health information to a third party on Facebook.
  • complaint received by OCR in 2014 alleged that a Planned Parenthood in Trexlertown, Pennsylvania, violated the Federal Standards for Privacy Identifiable Health Information after sending a bill for a patient to the wrong person.
  • A 2014 complaint filed with the Texas Medical Board by former Planned Parenthood director, Abby Johnson, alleges that a Texas Planned Parenthood e-mailed their abortionist the ultrasound information of their patients — but not in encrypted form.
  • TAB, a records management company working with PPFA for over a decade, identified what they called “some serious problems” with the records of Planned Parenthood of Illinois, which oversees 17 branch locations.

In CMP’s video interview, O’Donnell tells David Daleiden that she has witnessed her colleagues log onto Planned Parenthood’s computers. O’Donnell provided copies of e-mails to CMP to support her claims.

“They would let us look at the physical charts outside the room,” O’Donnell stated, claiming that she was even asked to write in a Planned Parenthood patient’s chart, which she says she refused to do.

So much for privacy at Planned Parenthood.

  • This article is reprinted with permission. The original appeared here at Live Action News.

Big Brother wants to read your e-mail and Texas bill may Nullify NDAA Detention and TSA screening

Posted in Alex Jones, Big Brother, NDAA, Privacy, TSA with tags , , , , , , , , on November 21, 2012 by saynsumthn

A Senate proposal touted as protecting Americans’ e-mail privacy has been quietly rewritten, giving government agencies more surveillance power than they possess under current law.

CNET has learned that Patrick Leahy, the influential Democratic chairman of the Senate Judiciary committee, has dramatically reshaped his legislation in response to law enforcement concerns. A vote on his bill, which now authorizes warrantless access to Americans’ e-mail, is scheduled for next week.

Leahy’s rewritten bill would allow more than 22 agencies — including the Securities and Exchange Commission and the Federal Communications Commission — to access Americans’ e-mail, Google Docs files, Facebook wall posts, and Twitter direct messages without a search warrant. It also would give the FBI and Homeland Security more authority, in some circumstances, to gain full access to Internet accounts without notifying either the owner or a judge. (CNET obtained the revised draft from a source involved in the negotiations with Leahy.)

It’s an abrupt departure from Leahy’s earlier approach, which required police to obtain a search warrant backed by probable cause before they could read the contents of e-mail or other communications. The Vermont Democrat boasted last year that his bill “provides enhanced privacy protections for American consumers by… requiring that the government obtain a search warrant.”

Leahy had planned a vote on an earlier version of his bill, designed to update a pair of 1980s-vintage surveillance laws, in late September. But after law enforcement groups including the National District Attorneys’ Association and the National Sheriffs’ Association organizations objected to the legislation and asked him to “reconsider acting” on it, Leahy pushed back the vote and reworked the bill as a package of amendments to be offered next Thursday. The package (PDF) is a substitute for H.R. 2471, which the House of Representatives already has approved.

One person participating in Capitol Hill meetings on this topic told CNET that Justice Department officials have expressed their displeasure about Leahy’s original bill. The department is on record as opposing any such requirement: James Baker, the associate deputy attorney general, has publicly warned that requiring a warrant to obtain stored e-mail could have an “adverse impact” on criminal investigations.

Christopher Calabrese, legislative counsel for the American Civil Liberties Union, said requiring warrantless access to Americans’ data “undercuts” the purpose of Leahy’s original proposal. “We believe a warrant is the appropriate standard for any contents,” he said. REST HERE

MEANWHILE:

State lawmakers in Texas are fighting to reassert their citizens’ Fourth, Sixth, and Eighth Amendment rights. Republican legislators have submitted two bills, one to remove the indefinite detention provisions in the National Defense Authorization Act (NDAA), and the other to stop the intrusive screening procedures of the Transportation Security Administration (TSA).

HB149, the Texas Liberty Preservation Act filed by state Rep. Lyle Larson, targets the most controversial provisions of the 2012 National Defense Authorization Act. The online Huffington Post reports,

HB 149 specifically calls out Section 1021 and 1022 of the NDAA, which were recently subjects of a federal lawsuit filed by plaintiffs concerned that the language within the passages could be used to indefinitely detain U.S. citizens.

In October, a federal appeals court rejected the notion that the indefinite detention provisions found within the NDAA pose a reasonable threat to American citizens and blocked an injunction issued by another judge in May who had determined that the NDAA did not “pass constitutional muster.”

According to the appeals judges, “the public interest” outweighed the concerns raised by the plaintiffs. They determined that “the statute does not affect the existing rights of United States citizens.”

Lawmakers in the Lone Star State disagree. According to HB 149, sections 1021 and 1022 of the NDAA are “inimical to the liberty, security, and well-being of the citizens of the State of Texas” and violate both federal and state constitutions. READ REST HERE

Cameras in the skies over your neighborhood- Law enforcement granted permission to use DRONES on US citizens

Posted in Big Brother, Privacy with tags , , , , , on May 15, 2012 by saynsumthn

According to Bloomberg:

Public safety agencies will be able to operate unmanned aircraft with fewer restrictions, in the first changes in U.S. regulations that Congress ordered to broaden domestic use of non-military drones.

Police, fire and similar departments will be able to fly drones weighing as much as 25 pounds (11.3 kilos) without applying for special approvals needed under previous regulations, the Federal Aviation Administration said today in a statement on its website.

Today’s step is an interim one until the FAA completes rules to allow small drones for commercial purposes, Ben Gielow, government relations manager for the Association for Unmanned Vehicle Systems International, said in a phone interview. Congress ordered the FAA to complete those rules within two years. A proposed regulation is due this year.

“The FAA’s sole mission and authority as it focuses on the integration of unmanned aircraft systems is safety,” the FAA said.

Congress is encouraging more U.S. drone flights under a law that became final on Feb. 14, with the goal of adapting technology used by the military in Iraq and Afghanistan. The law also requires the FAA to name six test sites by June and integrate drones into the U.S. aviation system by 2015.

The rule announced today calls for agencies to first show they can operate a drone before getting an FAA permit. Drones must fly within 400 feet (122 meters) of the ground, remain in sight of the operator and stay clear of airports, the FAA said.

Pro-choice employee steals private abortion related medical records from Family Planning organizations like Planned Parenthood

Posted in Abortion, Abortion clinic HPPA Violations, Abortion Clinic Worders, Planned Parenthood and compromised patient records, Privacy, pro-choice, Pro-choice law breakers with tags , , , , , , , , on April 13, 2011 by saynsumthn

Vodpod videos no longer available.

Pro-choice man steals private medical records f…, posted with vodpod

Vodpod videos no longer available.

70,000 private patient records of Planned Paren…, posted with vodpod

Info on 70,000 stolen from Family Planning Council
4/12/2011

The Family Planning Council in Philadelphia has made public the theft of personal information of some 70,000 patients, which was stored on a flash drive.

The suspect is a 40-year-old man by the name of Kelly Stanton, a former employee who has been arrested and arraigned. However, the flash drive itself is still missing.
Stanton, who has a history of fraud convictions, was charged with the theft in February.

The theft happened between December 23rd and 27th, 2010 at the council’s offices, which were closed for the Christmas holiday. The discovery of the theft was made on the 28th when police were notified. Police say Stanton was fired on the same day of the discovery.

The data on the stolen flash drive included personal information only from patients who received reproductive health services at these and other providers between October 2, 2008 and November 30, 2010.

Specifically, patient name, address, phone number, social security number, date of birth, and other information including insurance information and medical information were on the flash drive. So far, the Council said, there is no indication of inappropriate use of the information stored on the stolen flash drive.

The Council went on to say that both the Philadelphia Police Department and the Philadelphia District Attorney’s Office requested that notification of patients and the public be delayed while the investigation was ongoing.

A spokesperson explained in a statement that, under government health care programs, the Council gathers and processes patient data from several area health care providers for reporting and billing purposes.

Providers who are affected by this loss of data include: Spectrum Health Services Inc. (Haddington Health Center and the Broad Street Health Center); Public Health Management Corporation (which operates or operated PHMC Care Clinic, PHMC Health Connection, Rising Sun Health Center, Mary Howard Health Center, Community Court, Project Salud and several emergency housing locations in Philadelphia); Planned Parenthood Southeastern Pennsylvania; Planned Parenthood Association of Bucks County; and The Children’s Hospital of Philadelphia.

The Council said it reported the circumstances of the incident to those providers on January 13, 2011, and each of the providers is notifying its patients affected by this incident.
The Council is offering individuals affected by this breach credit-monitoring services and other credit-protection services free-of-charge.

Patients who need further assistance, or who would like additional information on ways to protect their financial information, can visit the Family Planning Council’s website at http://www.familyplanning.org or call 1-888-414-8020 and enter reference number 3720040811.

Melissa Weiler Gerber, Executive Director of The Family Planning Council, declined an interview request and refused to answer questions about the hiring of Stanton, whose rap sheet includes multiple convictions for theft, fraud and other crimes.

Weiler Gerber issued a written statement saying, “While no abuse of the stolen data has come to light, we regret deeply even the appearance of a breach. I offer my personal and professional apology to all patients whose confidentiality may have been violated. We are moving swiftly and purposefully to ensure that nothing of this type ever occurs again with respect to Council facilities or information, and to ensure that our procedures comply with all privacy and security laws and satisfy industry best practices.”

Mind-Reading Systems Could Change Air Security

Posted in New World Order, terrorism with tags , , , , , , , , on February 17, 2010 by saynsumthn

Mind-Reading Systems Could Change Air Security

AP 1/10/2010

Systems that aim to get inside an evildoer’s head are among the proposals floated by security experts thinking beyond the X-ray machines and metal detectors used on millions of passengers and bags each year.

CHICAGO — A would-be terrorist tries to board a plane, bent on mass murder. As he walks through a security checkpoint, fidgeting and glancing around, a network of high-tech machines analyzes his body language and reads his mind.

Screeners pull him aside.

Tragedy is averted.

As far-fetched as that sounds, systems that aim to get inside an evildoer’s head are among the proposals floated by security experts thinking beyond the X-ray machines and metal detectors used on millions of passengers and bags each year.

On Thursday, in the wake of the Christmas Day bombing attempt over Detroit, President Barack Obama called on Homeland Security and the Energy Department to develop better screening technology, warning: “In the never-ending race to protect our country, we have to stay one step ahead of a nimble adversary.”

The ideas that have been offered by security experts for staying one step ahead include highly sophisticated sensors, more intensive interrogations of travelers by screeners trained in human behavior, and a lifting of the U.S. prohibitions against profiling.

Some of the more unusual ideas are already being tested. Some aren’t being given any serious consideration. Many raise troubling questions about civil liberties. All are costly.

“Regulators need to accept that the current approach is outdated,” said Philip Baum, editor of the London-based magazine Aviation Security International. “It may have responded to the threats of the 1960s, but it doesn’t respond to the threats of the 21st century.”

Here’s a look at some of the ideas that could shape the future of airline security:

MIND READERS

The aim of one company that blends high technology and behavioral psychology is hinted at in its name, WeCU — as in “We See You.”

The system that Israeli-based WeCU Technologies has devised and is testing in Israel projects images onto airport screens, such as symbols associated with a certain terrorist group or some other image only a would-be terrorist would recognize, company CEO Ehud Givon said.

The logic is that people can’t help reacting, even if only subtly, to familiar images that suddenly appear in unfamiliar places. If you strolled through an airport and saw a picture of your mother, Givon explained, you couldn’t help but respond.

The reaction could be a darting of the eyes, an increased heartbeat, a nervous twitch or faster breathing, he said.

The WeCU system would use humans to do some of the observing but would rely mostly on hidden cameras or sensors that can detect a slight rise in body temperature and heart rate. Far more sensitive devices under development that can take such measurements from a distance would be incorporated later.

If the sensors picked up a suspicious reaction, the traveler could be pulled out of line for further screening.

“One by one, you can screen out from the flow of people those with specific malicious intent,” Givon said.

Some critics have expressed horror at the approach, calling it Orwellian and akin to “brain fingerprinting.”

For civil libertarians, attempting to read a person’s thoughts comes uncomfortably close to the future world depicted in the movie “Minority Report,” where a policeman played by Tom Cruise targets people for “pre-crimes,” or merely thinking about breaking the law.

LIE DETECTORS

One system being studied by Homeland Security is called the Future Attribute Screening Technology, or FAST, and works like a souped-up polygraph.

It would subject people pulled aside for additional screening to a battery of tests, including scans of facial movements and pupil dilation, for signs of deception. Small platforms similar to the balancing boards used in the Nintendo Wii would help detect fidgeting.

At a public demonstration of the system in Boston last year, project manager Robert Burns explained that people who harbor ill will display involuntary physiological reactions that others — such as those who are stressed out for ordinary reasons, such as being late for a plane — don’t.

The system could be made to work passively, scanning people as they walk through a security line, according to Burns.

Field testing of the system, which will cost around $20 million to develop, could begin in 2011, The Boston Globe said in a story about the demonstration. Addressing one concern of civil libertarians, Burns said the technology would delete data after each screening.

THE ISRAELI MODEL

Some say the U.S. should take a page from Israel’s book on security.

At Israeli airports, widely considered the most secure in the world, travelers are subjected to probing personal questions as screeners look them straight in the eye for signs of deception. Searches are meticulous, with screeners often scrutinizing every item in a bag, unfolding socks, squeezing toothpaste and flipping through books.

“All must look to Israel and learn from them. This is not a post-911 thing for them. They’ve been doing this since 1956,” said Michael Goldberg, president of New York-based IDO Security Inc., which developed a device that can scan shoes for hidden weapons while they are still on people’s feet.

Israel also employs profiling: At Ben-Gurion Airport, Jewish Israelis typically pass through smoothly, while others may be taken aside for closer interrogation or even strip searches. Another distinquishing feature of Israeli airports is that they rely on concentric security rings that start miles from terminal buildings.

Rafi Ron, the former security director at Israel’s famously tight Ben Gurion International Airport who now is a consultant for Boston’s Logan International Airport, says U.S. airports also need to be careful not to overcommit to securing passenger entry points at airports, forgetting about the rest of the field.

“Don’t invest all your efforts on the front door and leave the back door open,” Ron said.

While many experts agree the United States could adopt some Israeli methods, few believe the overall model would work here, in part because of the sheer number of large U.S. airports — around 400, versus half a dozen in Israel.

Also, the painstaking searches and interrogations would create delays that could bring U.S. air traffic to a standstill. And many Americans would find the often intrusive and intimidating Israeli approach repugnant.

PROFILING

Some argue that policies against profiling undermine security.

Baum, who is also managing director of Green Light Limited, a London-based aviation security company, agrees profiling based on race and religion is counterproductive and should be avoided. But he argues that a reluctance to distinguish travelers on other grounds — such as their general appearance or their mannerisms — is not only foolhardy but dangerous.

“When you see a typical family — dressed like a family, acts like a family, interacts with each other like a family … when their passport details match — then let’s get them through,” he said. “Stop wasting time that would be much better spent screening the people that we’ve got more concerns about.”

U.S. authorities prohibit profiling of passengers based on ethnicity, religion or national origin. Current procedures call for travelers to be randomly pulled out of line for further screening.

Scrutinizing 80-year-old grandmothers or students because they might be carrying school scissors can defy common sense, Baum said.

“We need to use the human brain — which is the best technology of them all,” he said.

But any move to relax prohibitions against profiling in the U.S. would surely trigger fierce resistance, including legal challenges by privacy advocates.

PRIVATIZATION

What if security were left to somebody other than the federal government?

Jim Harper, director of information policy studies at the Washington-based Cato Institute, a free-market-oriented think tank, says airlines should be allowed take charge of security at airports.

Especially since 9/11, the trend has been toward standardizing security procedures to ensure all airports follow the best practices. But Harper argues that decentralizing the responsibility would result in a mix of approaches — thereby making it harder for terrorists to use a single template in planning attacks.

“Passengers, too, prefer a uniform experience,” he said. “But that’s not necessarily the best security. It’s better if sometimes we take your laptop out, sometimes we’ll pat you down. Those are things that will really drive a terrorist batty — as if they’re not batty already.”

Harper concedes that privatizing airport security is probably wishful thinking, and the idea has not gotten any traction. He acknowledges it would be difficult to allay fears of gaping security holes if it were left to each airline or airport owner to decide its own approach.