EHIP

Baylor Health Care System, one of the Dallas area's largest employers, has taken several savvy steps in its fight against smoking.

It has offered free smoking-cessation programs to workers, made its campus smoke-free and slapped a health insurance surcharge on employees who smoke.

But on Jan. 1, Baylor went a step too far: It stopped hiring anyone who smokes at work - or anywhere else.

Treating smoking, in essence, like illegal drug use takes Baylor and an increasing number of other employers down a dangerous road, one that extends far too deeply into the private lives of prospective workers.

Baylor says that as a health care organization, it wants to practice what it preaches: discouraging one of the nation's deadliest health habits.

But such practices are not confined to the health care industry, and they raise a broader issue: If employers routinely reject people who engage in risky, but legal, behavior on their own time, what about such things as overeating or drinking too much alcohol?

If smoker bans reduce health care expenses, cost-conscious employers might be tempted to stake out new and even more intrusive territory under the "wellness program" banner.

A bit further down the road lies hiring based on genetics.

In that world, inheriting a gene that shows a predisposition to a costly disease could cost you a job.

A decade ago, bans on hiring smokers were rare.

A few companies including Alaska Airlines, Turner Broadcasting, Florida's Gulf Power and some law enforcement agencies were among the early adopters.

Since 2007, the Cleveland Clinicâ¬" which has 40,000 employees and hires 5,000 a year â¬" hasn't hired anyone who tests positive for nicotine.

The trend led 29 states to pass laws protecting smokers from what lawmakers saw as workplace discrimination.

Since 2007, the Cleveland Clinic which has 40,000 employees and hires 5,000 a year hasn't hired anyone who tests positive for nicotine.

Starting this Wednesday, Pennsylvania's Geisinger Health System, which has 15,000 employees, won't hire smokers.

At least health care providers can assert that the bans are related to their medical missions.

Scotts Co., which makes lawn and garden supplies, made headlines in 2006 when it was sued by a new hire who was fired after testing positive for nicotine; Scotts' policy was upheld by a federal court in Boston.

Atlanta-based Georgia Power stopped hiring smokers in 2009.

Even the Hollywood Casino in Toledo, Ohio, set to open this year, tells smokers they need not apply for employment.

This means House Speaker John Boehner, a smoker who is second in line to the presidency, couldn't get a job at a casino in his home state.

In a nation where 55% of workers get their insurance through their employers, and where employers' insurance costs have more than doubled in just a decade, companies have ample reason to cut costs and keep employees healthy.

They also deserve great latitude in hiring, which makes legislation problematic.

Intruding this deeply into people's private lives raises questions that bear scrutiny.

Companies can charge smokers more for health coverage or ban smoking on the job.

But punishing people for using a legal product on their own time crosses a troubling line.

Automated summary from: USA Today

Google announced a new privacy policy and terms of service on Jan. 24.

Google will soon know far more about who you are and what you do on the Web.

The Web giant announced Tuesday that it plans to follow the activities of users across nearly all of its ubiquitous sites, including YouTube, Gmail and its leading search engine.

Google has already been collecting some of this information.

But for the first time, it is combining data across its Web sites to stitch together a fuller portrait of users.

Consumers who are logged into Google services won't be able to opt out of the changes, which take effect March 1.

Experts say the policy shift will invite greater scrutiny from federal regulators of the company's privacy and competitive practices.

FAQ: What exactly will Google be able to collect and integrate?

Company spokesmen argue that the move will help Google better tailor its ads to people's tastes.

If someone watches an NBA clip online and lives in Washington, the firm could advertise Washington Wizards tickets in that person's Gmail account.

Consumers could also benefit, the company said.

When someone is searching for the word "jaguar," Google would have a better idea of whether the person was interested in the animal or the car.

Or the firm might suggest e-mailing contacts in New York when it learns you are planning a trip there.

But consumer advocates say the new policy might upset people who never expected their information would be shared across so many different Web sites.

A user signing up for Gmail, for instance, might never have imagined that the content of his or her messages could affect the experience on seemingly unrelated Web sites such as YouTube.

"Google's new privacy announcement is frustrating and a little frightening," said Common Sense Media chief executive James Steyer.

"Even if the company believes that tracking users across all platforms improves their services, consumers should still have the option to opt out --- especially the kids and teens who are avid users of YouTube, Gmail and Google Search."

Google can collect information about users when they activate an Android mobile phone, sign into their accounts online or enter search terms.

It can also store cookies on people's computers to see which Web sites they visit or use its popular maps program to estimate their location.

The change to its privacy policies come as Google is facing stiff competition for the fickle attention of Web surfers.

It recently disappointed investors for the first time in several quarters, failing last week to meet earnings predictions.

Apple, in contrast, reported record earnings Tuesday that blew past even the most optimistic expectations.

Some analysts said Google's move is aimed squarely at Apple and Facebook --- which have been successful in building unified ecosystems of products that capture people's attention.

Google, in contrast, has adopted a more scattered approach, but an executive said in an interview that the company wants to create a much more seamless environment across its various offerings.

"If you're signed in, we may combine information you've provided from one service with information from other services," Alma Whitten, Google's director of privacy for product and engineering, wrote in a blog post.

"In short, we'll treat you as a single user across all our products, which will mean a simpler, more intuitive Google experience," she said.

Google said it would notify its hundreds of millions of users of the change through an e-mail and a message on its Web sites.

It will apply to all of its services except for Google Wallet, the Chrome browser and Google Books.

The company said the change would simplify the company's privacy policy --- a move that regulators encouraged.

Still, some consumer advocates and lawmakers remained skeptical.

"There is no way anyone expected this," said Jeffrey Chester, executive director of the Center for Digital Democracy, a privacy advocacy group.

"There is no way a user can comprehend the implication of Google collecting across platforms for information about your health, political opinions and financial concerns."

Added Rep. Edward J. Markey (D-Mass), co-chair of the Congressional Privacy Caucus: "It is imperative that users will be able to decide whether they want their information shared across the spectrum of Google's offerings."

Google has increasingly been a focus of Washington regulators.

The company recently settled a privacy complaint by the Federal Trade Commission after it allowed users of its now-defunct social-networking tool Google Buzz to see contacts lists from its e-mail program.

And a previous decision to use its social network data in search results has been included in a broad FTC investigation, according to a person familiar with the matter who spoke on the condition of anonymity because the investigation is private.

Federal officials are also looking at whether Google is running afoul of antitrust rules by using its dominance in online searches to favor its other business lines.

Claudia Farrell, a spokeswoman for the FTC, declined to comment on any interaction between Google and regulators on its new privacy changes.

Automated summary from: The Washington Post

Open data initiatives for the NHS, transport, weather and house prices, along with the creation of an Open Data Institute are due be announced to coincide with the chancellor's Autumn Statement tomorrow.

The government hopes that the moves will boost investment in digital and medical technology, encouraging small and medium sized firms, support the development of applications by entrepreneurs and make business logistics and computing more efficient.

A raft of measures are planned for the wider use of data produced by the health service.

They include the linking of datasets from primary and secondary care to provide NHS and pharmaceutical professionals with more anonymised information about the journeys of patients through the care system and the outcomes of different treatments.

The government believes that the Veterans Affairs healthcare system in the US has shown that linked data can provide significant improvements in the quality of care.

There will also be new healthcare data release services for industry and academia, aimed at helping them to develop new products and services, and more detailed prescribing data to support research in analytics, electronic data management and other digitial technologies.

More widely, the government is to create a Data Strategy Board from data users, which will be responsible handling the public sector contracts of the Public Data Group.

It will have up to the next three years to spend on making more data freely available.

Summarized by Coperic Summarizer,from The Guardian

The push to move the nation from paper to electronic health records is serious business.

Judith Faulkner, the chief executive, started the company more than 30 years ago, when, in all but a very few places, patient records were kept on paper.

The way this data is stored and used can literally be a matter of life and death --- which is why the transition to electronic health records is so sensitive.

At first, Epic consisted of three part-time employees working at $10 used desks in the basement of an apartment house near the university.

A government Web site known as the "Wall of Shame" has documented hundreds of breaches that threatened patients' privacy.

At Epic, "We have all sorts of firewalls and security systems in effect to prevent data breaches."

Carl Dvorak, an executive vice president at Epic, says the company shares patient data with health care organizations that are not customers if they meet certain conditions.

Judith Faulkner, the C.E.O., below, started the company more than 30 years ago, when its three employees worked in the basement of an apartment house.

Another concern among patients and medical professionals is the possibility of medical errors resulting from improperly used or poorly designed record systems.

Its customers include many hospitals that are connected to medical schools, as well as large physician groups.

The Epic software system is a "de facto standard among the more complex academic health centers and multispecialty medical groups," says Dr. John D. Halamka, chief information officer of Beth Israel Deaconess Medical Center in Boston and a professor at the Harvard Medical School.

The federal government is contributing to the recent growth of Epic and similar firms by offering financial incentives to health providers who switch to electronic records.

The government began to disburse the money last May; so far, hospitals and doctors have received $2.5 billion of a potential $27 billion in stimulus funds, federal officials said last week.

Some wonder if the government should play a bigger role in creating uniform technical standards and designs across systems.

Last September, some 6,600 health care and information technology executives and professionals also visited the company's bucolic campus here for a users' conference.

Automated Summary from: New York Times

The New Brunswick government and its universities are coming under pressure from citizens to make more raw data available to the public.

Many governments in Canada and around the world have embraced the so-called open data agenda and have freed up raw data to citizens so they can arrange public information in useful ways and collaborate with others to better understand the numbers.

Peterson built the website - propertize.ca - because he wanted to compare his property tax assessment with his neighbours.

"I'd like to take it forward and be able to expand it into other provinces," he said.

City buses could be tracked through smartphones, potholes could be reported and a city could notify people when they were fixed and snowplows could be monitored so people don't have to shovel twice.

"We have technology today that enables for much easier citizen engagement, and citizen engagement in a much smarter way," he said.

While the New Brunswick government is being pressured to start freeing up data for its citizens, the federal government is already moving in that direction.

The federal government's open data portal collates 260,000 data sets that span everything from immigration statistics to mapping co-ordinates.

When Treasury Board President Tony Clement made the announcement, he said he had not heard yet of anyone doing anything creative with the federal government data made available to date.

But he said the federal government was "liberalizing" the approach to opening up data.

Open data sites are not simply the domain of the federal government.

Automated Summary from: CBC News

A claim by the Department of Health that patient data shared with private firms for medical research would be anonymised has been challenged by privacy campaigners.

The DH says all necessary safeguards would be in place to ensure protection of patients' details.

But Ethics and Genetics, a social and technology campaign group, says freedom of information requests show that under certain circumstances data anonymity would not always be guaranteed.

Data accessed under the secondary uses service, which is jointly delivered by the NHS Information Centre and Connecting for Health (CfH), for the NHS and its partners, is not always anonymised.

The CfH states on its website that the service only provides access to "anonymous patient-based data" for purposes other than direct clinical care, such as healthcare planning, commissioning services, public health and national policy development.

The department said that there were instances where data was accessed after it had been pseudonymised.

Although the information is protected -- through NHS smart cards and pass codes -- and access only given to relevant data by authorised organisations, pseudonymised data is not the same as anonymised information, and there are ways of making identifiable links.

In a separate FoI request, the DH was asked how many times section 251 of the NHS Act 2006 has been used over the last three years.

"The long-term risk to privacy of patients' identities and their health details being connected cannot be quantified, so these plans should be implemented with absolute care."

The government has repeatedly said that it is committed to protecting patient privacy, but argues that it makes sense to utilise the substantial amount of medical information that the NHS generates.

It also hopes that opening up patient information further will lead to patients getting faster access to new treatments and Britain's life sciences sector will become a world leader.

Automated Summary from: The Guardian

We trust our health-care providers with the most intimate personal secrets, and we expect that our privacy will be respected.

The first involves the case of a physician, whose girlfriend, a nurse, was involved in an ugly divorce and custody battle with her ex-husband.

The doctor took advantage of a dozen colleagues in a busy hospital emergency room, colleagues who had gone online to consult Netcare about their patients, but neglected to log out afterwards.

The doctor piggybacked on those open search sessions to pry into the medical records of the girlfriend's ex-husband - as well as his new girlfriend, and his mother.

The victim became suspicious only when information from his private medical history came up in his divorce proceedings.

An audit uncovered a pattern of spying that had gone on, undetected, for 14 months.

In the second case, an Edmonton pharmacist became involved in an ugly quarrel with a group of women at her church, over their relations with a male member of the congregation.

The woman used Netcare to look up her rivals' files, then posted information about their health histories and prescription drug use on her Facebook page.

The pharmacist was found guilty of a breach of the provincial Health Information Act and fined $15,000.

She was also disciplined by the Alberta College of Pharmacists, who fined her an additional $4,000, suspended her licence for four months, and ordered her to pay hearing costs of $10,000 to $15,000.

The Office of the Information and Privacy Commissioner concluded there wasn't enough evidence, beyond a reasonable doubt, to secure a conviction.

Instead, in the interests of solving the larger problem of sloppy online security at the hospital, they simply allowed the physician to make a statement, admitting to the spying.

Covenant turned the file over to the Alberta College of Physician and Surgeons; the College can't say whether there is an investigation underway, or whether it is contemplating disciplinary action.

In Alberta, to date, there have only been two successful convictions in under the act, though Work says investigation into another alleged breach is currently underway.

Work says more spot audits and more staff training would help.

He says it's also important that all Alberta's self-regulating health professions do a vigorous job of disciplining members who break the rules.

Automated Summary from: The Edmonton Journal

It's shocking to have two cases in a week in which medical professionals used private health information for their own personal vendettas.

In the first case, a local emergency physician has admitted using the provincial electronic health record, Netcare, to check the records of the ex-husband of a nurse the doctor was dating - a nurse who was in a divorce and custody battle.

Two other people connected with the ex-husband also had their health records spied on by the ER doctor.

In the second case, a pharmacist went into the Netcare health record of a number of women from her church and posted data about their medical prescriptions on her Facebook page.

Patients whose private health information is stored in these giant databanks need to know that it will be used only by health professionals and only for legitimate reasons.

The pharmacist has been fined and had her licence suspended for four months.

As the Alberta College of Pharmacists said in its finding on the case, such abuse of access to electronic medical files undermines all the work pharmacists have done to gain access to such data and to expand their scope of practice.

The fate of the ER doctor is now in the hands of the College of Physicians and Surgeons of Alberta.

The man who was spied on by the ER doctor found out only after being questioned about his medical history by his ex's lawyer as part of the divorce proceedings.

Alberta's privacy commissioner discovered that the snooping ER doctor used computers while they were logged onto Netcare by 12 other doctors.

In this hospital ER, one run by Covenant Health - so either the Misericordia or the Grey Nuns Hospital - ER physicians were lax about logging off when they left a computer, allowing the spying doctor to snoop while logged on under others' names.

The privacy commissioner has told Covenant Health to get its act together, and rightly so.

That means educating all hospital staff, including physicians, on the need to be vigilant about Netcare privacy.

Automated Summary from: The Edmonton Journal

While there are plenty of technical and functional concerns that have slowed adoption of public cloud computing and software-as-a-service, American companies trying to sell their cloud services outside the US or to large multinational organizations have another handicap to overcome: the USA PATRIOT Act.

European, Asian, and Canadian data privacy rules and concern about US surveillance of data crossing international boundaries have even been used to market European data centers' services.

Today, ComputerWeekly reported that BAE Systems had ditched Microsoft Office 365 over PATRIOT Act concerns, because Microsoft could not guarantee the company's data wouldn't leave Europe.

After researching the PATRIOT act, Microsoft found that regardless of where data was stored, it could not ensure that data would not be turned over to the US government as the result of a National Security Letter or other government request, because the company is governed by US law.

"The PATRIOT Act has come to be a kind of label for [privacy] concerns," Ambassador Phillip Verveer, the State Department's coordinator for international communications and information policy, said in a recent interview with Politico.

Verveer said that some European cloud providers are "taking advantage of a misperception" of PATRIOT to cut American companies out of potential business, "and we'd like to clear up that misperception."

The Electronic Privacy Information Center's analysis of the provision found it is so broad that "protected computer" could be interpreted to mean any computer, essentially giving the government warrantless search authority if its owner---or a service provider---agrees.

PATRIOT also authorizes warrantless interception of communication between or among "foreign powers," which includes foreign political organizations.

The changes came in the wake of protests over the outsourcing of British Columbia's health insurance system to Maximus by the British Columbia Government Employees Union.

European Commission Vice President and Justice Minister Viviane Reding made a point yesterday of calling out European cloud service providers for offering services that "shelter users from the US Patriot Act and other attempts by third countries to access personal data."

Reding is attempting to push forward an EU-wide set of regulations on data protection that would set a common standard across the continent, allowing data to be moved freely within the EU.

ZDNet's Zack Whitaker reports that the provisions of the new regulation will block PATRIOT Act provisions by revoking EU/US "safe harbor" regulations, forcing companies that do business in Europe to get "adequacy" statements from the data protection authority of the country where the data is primarily stored before transferring it.

Automated Summary from: ARS Technica

Cloud computing is a gold mine for the U.S. tech industry, but American firms are encountering resistance from an unexpected enemy overseas: the PATRIOT Act.

The Sept. 11-era law was supposed to help the intelligence community gather data on suspected terrorists.

But competitors overseas are using it as a way to discourage foreign countries from signing on with U.S. cloud computing providers like Google and Microsoft: Put your data on a U.S.-based cloud, they warn, and you may just put it in the hands of the U.S. government.

"The PATRIOT Act has come to be a kind of label for this set of concerns," Ambassador Philip Verveer, U.S. coordinator for International Communications and Information Policy at the State Department, told POLITICO.

Reacting to concerns raised by some of the country's most influential tech firms, the Obama administration is engaging in diplomatic talks around the world to put to rest fears in foreign capitals about the controversial surveillance law's power to give the U.S. government access to international data stored by American companies.

While no foreign governments have moved to block U.S. tech companies, authorities in the Netherlands as recently as September floated the idea of banning U.S.-based cloud firms from competing for government contracts.

And Verveer said on a trip to Germany in October that technology firms based in that country were openly using the PATRIOT Act as a "marketing proposition" to raise questions about U.S. cloud firms.

It has created a high-stakes trade issue that's become a top agenda item for U.S. firms already profiting in the cloud and for those eyeing the technology for the future.

It also registers high on the list of international tech priorities for the White House because of the potential negative impact such fears could have on the U.S. cloud market.

Laws in some countries allow governments to request private information from companies --- and the fear is that this information could be turned over to U.S. authorities under the anti-terrorist law.

"Several nations are imposing restrictions on data sharing to prevent data from moving across their own national boundaries, and that's very shortsighted.

The need for the Obama administration to take an international lead on the issue was highlighted in a cloud computing report this summer authored by a coalition of 71 experts from some of the largest hardware, software and Internet companies, including Microsoft, Amazon and Salesforce.

Aside from reforming antiquated U.S. digital privacy laws, the report urged the Commerce Department to conduct a study of the PATRIOT Act and national security laws in other countries to determine a company's ability to deploy cloud computing services in the global marketplace.

And if the U.S. and other countries don't simplify the complex legal environment surrounding cloud computing soon, experts are warning the environment will become riddled with uncertainty and confusion that could dampen the competitive position of U.S. firms in the future.

Automated Summary from: Politico