Privacy Resolutions

Privacy Resolutions

new years note


6 Privacy Resolutions for the New Year

Welcome to the New Year! While most of us are focusing on New Year’s resolutions for our bad habits, there is one habit most are overlooking: online behavior. Protecting yourself online is one of the most important habits you should be implementing into your daily life and teaching your children. Many of us do not know exactly where to begin in regards to online protection. Lauth Investigations International, Inc. works with clients, individuals and corporations, daily to ensure personal and professional protection online.

Sites like Facebook and Instagram allow us to share our life with the world via the internet; however, we should not get too used to sharing our lives with loved ones and forget to protect ourselves. Online privacy is essential to protect your family from all kinds of predators. Below are 5 easy ways to assist in personal protection from fraud, identity theft, and/or unwanted wandering eyes.

  1. Use Password Creativity

Lack of password protection is one of the major ways people fall victim to identity theft or hacking. It’s important to make sure your passwords are complicated and secure in order to ensure your different accounts are safe. Whether it’s banking, social media, or online retailers, creative passwords are needed for security. Below are just a few practices to consider when managing your passwords:

  • Change your password every two months;
  • Never repeat a previous or current password;
  • Avoid obvious personal data, including dates and names;
  • Store your passwords away from your devices. Write them down in one location in an easy to access yet discreet location..
  1. Keep Updated On Current Scams When it comes to protection and security, knowledge is power. Online scammers are continuously getting smarter and inventing new versions of buying and selling scams, dating scams, and inheritance scams. Be proactive when protecting yourself from being scammed, continue to be educated on new scams being utilized online. Lauth Investigations International, Inc. is a great resource providing weekly blogs on safety and personal protection, including but not limited to, fraud, identity theft, online scams, and more.Check out our article about dating scams here. 
  2. Social Media Privacy Settingsprivacy statusSocial media is a great way to keep in touch with friends and family and share special events and moments from your life. However, your social media page is also a gold mine for anyone trying to steal your identity, stalk you, or harass you in any way. Make sure your privacy settings on your social media accounts are up to date. Never share any posts about where you live, your daily routine, or your children’s names publicly. Limit the amount of information on your profile. Consistently review your friend list and “defriend” anyone who you don’t know personally. Oftentimes, our friend list fills up over the years with people we don’t really know leading to privacy breaches without us realizing it.

For more information on how mothers can protect their kids online, check out this blog article.

  1. Use Encrypted MessagingOur messages are some of the most private things we store online, and yet they are often some of the least protected. If you are sending sensitive information through online messaging, consider what application you are using to send these messages. Whatsapp has a secure line which may be used for casual conversations you may want to protect. Signal, the  secure messaging application recommended by Edward Snowden, is another application to consider. As of 2016, Facebook Messenger has implemented a “secret conversations” feature you can access by clicking on the “secret” button at the top of the “New Message” option.
    cell phone
  1. Embrace 2 Factor Authentication2 factor authentication is a secure feature offered by most online resources requiring a back-up verification method, text message or email, in order to log on. If you’ve ever logged onto your email from a new computer and received a notification you need to enter a code in order to access your account, you have already used two factor authentication. Two Factor Authentication is one of the best ways to protect your account from hacking. It has been widely considered to be the way of the future when it comes to online security. Although it may slow you down due to the extra step when logging on, if you really need to ensure your information stays secure, 2 Factor Authentication is the best way.
  2. Never give information or money up frontUltimately, the best way to avoid being scammed online is to be wary of anyone who asks you for money or security information up front. If you ever have doubt about a company who is trying to collect your information, you should be able to trace their information to a secure office and speak to a representative on the phone. Also, look at online reviews to see if other people have already complained about this company. Oftentimes, if a company is fraudulent, they have a paper trail of victims who have tried to warn other people through online complaints or reviews. Do your research before completing a transaction with anyone online, whether it be a dating site, a Craigslist purchase, or a stock investment.Almost everyone has embraced the online world, and it’s becoming next to impossible to keep all your personal information offline. Being smart about how you share and who you share with can keep you secure and allow you to take advantage of all the benefits of the internet without the risks.


Hospital fulfills subpoena, gets hit with privacy suit

Patient privacy is no doubt paramount in any physician practice. But when a subpoena suddenly is thrust into the physician-patient relationship, doctors may find themselves caught between the law and their privacy obligations.

The Cleveland Clinic in Ohio found itself in such a predicament when it agreed to turn over a patient’s records in response to a grand jury subpoena in a criminal investigation.

The U.S. District Court for the Northern District of Ohio, in a Feb. 1 ruling, said that more stringent state privacy standards superseded the hospital’s obligations to comply with the subpoena and related disclosure requirements under the Health Insurance Portability and Accountability Act. The ruling allows a patient to sue the hospital for invading his privacy.

The Cleveland Clinic declined to comment for this article.

The subpoena request was prompted by a criminal investigation of James Turk, a private investigator and former police officer who was indicted in June 2007 for carrying a concealed weapon and having it despite an alleged drug and alcohol dependency, according to court records.

Turk denied wrongdoing, and a jury acquitted him of some of the weapon charges in November 2008, while other claims were dropped.

As part of the criminal proceedings, the Cuyahoga County Court of Common Pleas, on behalf of the police department, issued a grand jury subpoena to Cleveland Clinic for Turk’s medical records. The request included information about any treatment for drug or alcohol abuse as well as any mental health counseling Turk had received.

The hospital complied with the subpoena and turned over the information to a police officer involved in the case. That prompted Turk to file suit against the Cleveland Clinic in 2009, claiming the hospital invaded his privacy and negligently disclosed his private medical information without proper authorization.

Turk alleged primarily that the release of his confidential records violated the state’s physician-patient privilege statute, which, with limited exception, protects medical information from public disclosure without patient consent.

But the Cleveland Clinic argued in court documents that the case should be dismissed because the clinic was responding to a grand jury subpoena.

Because such proceedings are conducted in secret and any information shared is kept confidential, the hospital said its production of Turk’s records did not constitute a public disclosure that violated the physician-patient privilege.

The Cleveland Clinic also contended that the records were necessary to further the state’s interest in fighting criminal activity.

Furthermore, the hospital pointed to a specific exception under HIPAA authorizing the disclosure of a patient’s medical records in response to a grand jury subpoena.
No exception

But the court was not persuaded, saying Ohio’s privilege statute contained no such exception. The court refused to dismiss the case, which could go to trial. The case likely will proceed in federal court because it involved a mix of state and federal issues related to Turk’s arrest.

U.S. District Court Judge Kathleen M. O’Malley noted that the state law did include limited exemptions allowing law enforcement in certain circumstances to obtain private patient information as a part of criminal investigations. That could be allowed, for example, if the case was against a physician or to get test results to determine the presence of drugs or alcohol in a patient’s blood.

The privilege statute also permits disclosure if:

* The patient or a guardian gives consent.
* The lawsuit is filed by the patient.
* The action involves court-ordered treatment.

Otherwise, it was up to the Legislature, not the courts, to create any additional exceptions to the privilege protections, O’Malley said, adding that the Ohio Supreme Court has repeatedly refused to do so.

As for HIPAA, the court recognized that the federal privacy statute does explicitly authorize the release of patients’ medical records in response to a grand jury subpoena, as well as other law enforcement requests.

But it also noted that the federal law does not preempt more stringent state standards. Because Ohio’s privacy protections — which did not allow for grand jury disclosures — were broader than those mandated by HIPAA, the state law prevailed, the district court found.

The judge added that both the state’s interest in investigating criminal activity and patients’ interests in medical records privacy were worthy of protection. But “if the right of confidentiality is to mean anything, an individual must be able to direct the disclosure of his or her own private information,” the court said, citing earlier Ohio court precedent.

Because Turk was given no notice of the grand jury subpoena, however, he had no chance to object or respond in any way to the records request, the judge noted. Nor was there any attempt to narrowly tailor the inquiry to the scope of the criminal charges.

The court concluded that the state’s interests were not enough to outweigh Turk’s privacy rights.

“While it may be more efficient for a grand jury to be permitted to obtain an individual’s medical records … giving law enforcement unbridled access to medical records could discourage patients from seeking medical treatment,” O’Malley wrote.

Legal experts said the case is an important wake-up call for physicians who may think they are doing the right thing when law enforcement comes knocking, and they warn that doctors should take note of the interplay between state and federal law.

“HIPAA sets a floor, not a ceiling, and this case is a classic example of that principle,” said Peter Leininger, a health care lawyer in Fulbright & Jaworski LLP’s Washington, D.C., office. “You’ve got to check state law, too. Simply complying with HIPAA is not always going to be enough.”

State and federal privacy laws vary as to what types of medical information can be disclosed and when, said D.C.-based health privacy lawyer Marion K. Goldberg. But such statutes generally strive to find a balance between impeding a lawsuit and protecting patient privacy.

State law may specify, for example, that certain sensitive information related to drug or sexual abuse or HIV status generally remain privileged, said Goldberg, a partner with Winston & Strawn LLP. But if there is an ongoing crime, such as domestic violence, or an impending danger, documents that are otherwise off limits may be accessible.

State laws also may have different definitions as to what constitutes medical information, Goldberg said. She noted, for example, that the Ohio court found no privacy violation when the Cleveland Clinic gave police only the names of Turk’s doctors, before the subpoena for more detailed information was issued. The court said state law did not consider names to be privileged medical information.

However, disclosing even names “may be enough to create an issue under HIPAA,” Goldberg said. “Suppose the name of the doctor they gave out was a psychiatrist … or a subspecialist in drug and alcohol abuse. Wouldn’t that tell us something?”

If doctors are faced with a disclosure request, “as a caution, you have to look at the type of record being subpoenaed and what state and federal laws are regarding that type of record. Then you have to comply,” Goldberg said.

What doctors cannot do is ignore it, experts warned. Violating a subpoena or court order carries penalties, they said, ranging from contempt of court to fines, even jail time.

On the other hand, state law may permit patients to sue over improper disclosures, Goldberg said. While HIPAA precludes such private actions, it does allow patients to complain to the government, which can impose financial penalties for privacy breaches, she added.

But physicians also have the right to contest a records request on behalf of their patients or to ask a judge for further clarification, experts said.

There are ways to work with the courts or parties involved to alleviate confidentiality concerns, while providing the information sought, Leininger said. For example, state law may prohibit certain disclosures under a broad subpoena, but allow for a more limited, protective court order.

Nevertheless, when in doubt, consult a lawyer, Goldberg said, “because you can get caught, and that’s really the lesson in this.”