PRIVACY + SECURITY BLOG

News, Developments, and Insights

The FTC Has the Authority to Enforce Data Security: FTC v. Wyndham Worldwide Corp.

by Daniel J. Solove The U.S. Court of Appeals for the 3rd Circuit just affirmed the district court decision in FTC v. Wyndham Worldwide Corp., No. 14-3514 (3rd. Cir. Aug. 24, 2015).  The case involves a challenge by Wyndham to a Federal Trade Commission (FTC) enforcement action emerging out of data breaches at the Wyndham. […]

Should the FTC Kill the Password? The Case for Better Authentication

Co-authored by Professor Woodrow Hartzog. Authentication presents one of the greatest security challenges organizations face. How do we accurately ensure that people seeking access to accounts or data are actually whom they say they are? People need to be able to access accounts and data conveniently, and access must often be provided remotely, without being […]

Big Brother on the Cover: 50+ Original 1984 Book Cover Art Examples

by Daniel J. Solove One of the most well-known classic privacy books is George Orwell’s 1984, and it has been published in countless editions around the world.  I enjoy collecting things, and I’ve gathered up more than 50 original 1984 book cover art examples featured on various editions of the novel.  I find it interesting […]

Understanding the FTC on Privacy and Security

by Daniel J. Solove I recently held a webinar about the Federal Trade Commission (FTC) for TRUSTe called Understanding the FTC on Privacy and Security.   The webinar is free and is archived at TRUSTe’s site. Here is a brief synopsis of the webinar: For the past nearly two decades, the FTC has risen to […]

Lessons from the Latest HIPAA Enforcement Action

by Daniel J. Solove Recently, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) publicized its resolution agreement in its HIPAA enforcement action against St. Elizabeth’s Medical Center (SEMC).  SEMC agreed to pay $218,000. The case began with a complaint filed with OCR back in 2012 that employees […]

Patient Access to Medical Records Under HIPAA: Significant Reform Needed

by Daniel J. Solove Recently, I wrote about the challenges in accessing health information about family members.  In this post, I will explore patients’ access to their own medical records. HIPAA doesn’t handle patient access to medical records very well. There are many misunderstandings about patient access under HIPAA that make it quite difficult for […]

OPM Data Breach Fallout, Fingerprints, and Other Privacy + Security Updates

By Daniel J. Solove Co-authored by Professor Paul Schwartz This post is part of a post series where we round up some of the interesting news and resources we’re finding. For a PDF version of this post, and for archived issues of previous posts, click here. We cover health issues in a separate post. News […]

HIPAA’s Friends and Family Network: Access to Health Information

by Daniel J. Solove Suppose your elderly mother is being treated at the hospital for a heart condition. Your mother tells her doctor that you can have access to her health information. The doctor, however, doesn’t disclose the information to you. The doctor thinks that you can only have the information with a signed written […]

The Importance and Goals of HIPAA Training Programs

by Daniel J. Solove There is a great quote in this article from HealthcareInfoSecurity that expresses very well the importance and goals of HIPAA training programs: Workforce training is important not only for preventing breaches, including those involving ID crimes, but also to help detect those incidents, [Ann Patterson of the Medical Identity Fraud Alliance] says. […]