Entries Tagged "medicine"

Page 9 of 9

Risks of Pointy Knives

An article in the British Medical Journal recommends that long pointy knives be banned because they’re a stabbing risk.

Of course it’s ridiculous. (I wrote about this kind of thing two days ago, in the context of cell phones on airplanes. Banning something with good uses just because there are also bad uses is rarely a good security trade-off.)

But the researchers actually have a point—so to speak—when they say that there’s no good reason for long knives to be pointy. From the BBC:

The researchers said there was no reason for long pointed knives to be publicly available at all.

They consulted 10 top chefs from around the UK, and found such knives have little practical value in the kitchen.

None of the chefs felt such knives were essential, since the point of a short blade was just as useful when a sharp end was needed.

I do a lot of cooking, and have all my life. I never use a long knife to stab. I never use the point of a chef’s knife, or the point of any other long knife. I rarely stab at all, and when I do, I’m using a small utility knife or a petty knife.

Okay, then. Why are so many large knives pointy? Carving knives aren’t pointy. Bread knives aren’t pointy. I can rock my chef’s knife just as easily on a rounded end.

Anyone know?

Posted on June 10, 2005 at 1:17 PMView Comments

U.S. Medical Privacy Law Gutted

In the U.S., medical privacy is largely governed by a 1996 law called HIPAA. Among many other provisions, HIPAA regulates the privacy and security surrounding electronic medical records. HIPAA specifies civil penalties against companies that don’t comply with the regulations, as well as criminal penalties against individuals and corporations who knowingly steal or misuse patient data.

The civil penalties have long been viewed as irrelevant by the health care industry. Now the criminal penalties have been gutted:

An authoritative new ruling by the Justice Department sharply limits the government’s ability to prosecute people for criminal violations of the law that protects the privacy of medical records.

The criminal penalties, the department said, apply to insurers, doctors, hospitals and other providers—but not necessarily their employees or outsiders who steal personal health data.

In short, the department said, people who work for an entity covered by the federal privacy law are not automatically covered by that law and may not be subject to its criminal penalties, which include a $250,000 fine and 10 years in prison for the most serious violations.

This is a complicated issue. Peter Swire worked extensively on this bill as the President’s Chief Counselor for Privacy, and I am going to quote him extensively. First, a story about someone who was convicted under the criminal part of this statute.

In 2004 the U.S. Attorney in Seattle announced that Richard Gibson was being indicted for violating the HIPAA privacy law. Gibson was a phlebotomist ­ a lab assistant ­ in a hospital. While at work he accessed the medical records of a person with a terminal cancer condition. Gibson then got credit cards in the patient’s name and ran up over $9,000 in charges, notably for video game purchases. In a statement to the court, the patient said he “lost a year of life both mentally and physically dealing with the stress” of dealing with collection agencies and other results of Gibson’s actions. Gibson signed a plea agreement and was sentenced to 16 months in jail.

According to this Justice Department ruling, Gibson was wrongly convicted. I presume his attorney is working on the matter, and I hope he can be re-tried under our identity theft laws. But because Gibson (or someone else like him) was working in his official capacity, he cannot be prosecuted under HIPAA. And because Gibson (or someone like him) was doing something not authorized by his employer, the hospital cannot be prosecuted under HIPAA.

The healthcare industry has been opposed to HIPAA from the beginning, because it puts constraints on their business in the name of security and privacy. This ruling comes after intense lobbying by the industry at the Department of Heath and Human Services and the Justice Department, and is the result of an HHS request for an opinion.

From Swire’s analysis the Justice Department ruling.

For a law professor who teaches statutory interpretation, the OLC opinion is terribly frustrating to read. The opinion reads like a brief for one side of an argument. Even worse, it reads like a brief that knows it has the losing side but has to come out with a predetermined answer.

I’ve been to my share of HIPAA security conferences. To the extent that big health is following the HIPAA law—and to a large extent, they’re waiting to see how it’s enforced—they are doing so because of the criminal penalties. They know that the civil penalties aren’t that large, and are a cost of doing business. But the criminal penalties were real. Now that they’re gone, the pressure on big health to protect patient privacy is greatly diminished.

Again Swire:

The simplest explanation for the bad OLC opinion is politics. Parts of the health care industry lobbied hard to cancel HIPAA in 2001. When President Bush decided to keep the privacy rule—quite possibly based on his sincere personal views—the industry efforts shifted direction. Industry pressure has stopped HHS from bringing a single civil case out of the 13,000 complaints. Now, after a U.S. Attorney’s office had the initiative to prosecute Mr. Gibson, senior officials in Washington have clamped down on criminal enforcement. The participation of senior political officials in the interpretation of a statute, rather than relying on staff attorneys, makes this political theory even more convincing.

This kind of thing is bigger than the security of the healthcare data of Americans. Our administration is trying to collect more data in its attempt to fight terrorism. Part of that is convincing people—both Americans and foreigners—that this data will be protected. When we gut privacy protections because they might inconvenience business, we’re telling the world that privacy isn’t one of our core concerns.

If the administration doesn’t believe that we need to follow its medical data privacy rules, what makes you think they’re following the FISA rules?

Posted on June 7, 2005 at 12:15 PMView Comments

More Uses for Airline Passenger Data

I’ve been worried about the government getting comprehensive data on airline passengers in order to check their names against a terrorist “watch list.” Turns out that the government has another reason for wanting passenger data.

Although privacy experts worry about the government gathering personal information on airline travelers, Delta Airlines is handing over electronic lists of passengers from some flights to help stop the spread of deadly infectious diseases.

The lists will allow health officials to notify more quickly those travelers who might have been exposed to illnesses such as dengue fever, flu, plague, SARS and biological agents, the Centers for Disease Control and Prevention told a congressional panel on Wednesday.

It’s the same story: a massive privacy violation of everybody just in case something happens to a few.

As an example of the CDC’s notification efforts, Schuchat cited the case of a New Jersey resident who returned from a trip to Sierra Leone in September with Lassa fever. The patient flew to Newark via London and took a train home. Only after he died a few days later did the CDC confirm the disease.

CDC worked with the state, the airline, the railroad, the hospital and others to identify 188 people who had been near the patient. Nineteen were deemed at-risk and 16 were contacted; none of those contacted came down with the disease. It took more than five days to notify some passengers, Schuchat said.

It’s unclear how this program would reduce that “five days” problem. I think it’s a better trade-off for the airlines to be ready to send the CDC the data in the event of a problem, rather than them sending the CDC all the data—just in case—before there is any problem.

Posted on April 8, 2005 at 9:14 AMView Comments

1 7 8 9

Sidebar photo of Bruce Schneier by Joe MacInnis.