Cross-posted from the mother ship, PogoWasRight.org: I splurged and purchased a copy of the transcript of Thursday’s oral argument in FTC v. Wyndham . You can download it here (PDF, 561kB, 186 pp.). Consider it an early holiday gift from PogoWasRight.org to you. I look forward to reading everyone’s reactions after we’ve all had time to read it. I…
Follow-up: Can a clinic be held liable for employee's bad acts?
And speaking of how much a health care facility can do about a rogue employee and whether they are responsible or liable, there is an update to a case I first noted here in 2011 involving a Guthrie Healthcare System clinic in Corning, New York. In that case, a nurse willfully disclosed a patient’s information on…
Diapers.com goes above and beyond to protect customers (update 3)
A Diapers.com customer kindly sent me a copy of the e-mail he received from them today: From: Diapers.com <[email protected]> Date: Sun, Nov 10, 2013 at 12:09 PM Subject: An Important Message Regarding Your Account To: [redacted] Hello [redacted] This is an important message from Diapers.com At Diapers.com we take your security and privacy very seriously….
"Small" breach, big harm.
I recently noted a privacy breach at Northern Inyo Hospital in California. It was one of those “small breaches” (i.e., less than 500 affected) that don’t get reported on HHS’s public-facing breach tool, but it really created distress for its victim. In discussing the breach, I noted my surprise at a statement the patient made…
Update: QxMD fixes privacy problem in Calculate
On October 30, PHIprivacy.net linked to an article on PCMag that described a review of an app, Calculate, by QxMD. The reviewer, Appthority, had found that “the registration and setup sends the doctor information, such as name, e-mail, and location over the network in plaintext,” despite the app’s assurance that all information was encrypted. At the time,…
Tool to determine if your email address was in the Adobe data dump
After the Adobe hack was disclosed, I received some emails from concerned consumers asking if there was some way they could check to find out if their details were involved. LastPass has set up a page where you can input your email address and LastPass checks the database that was dumped online to determine if…