Transcript HIPAA Solutions, LC

Protecting Citizens’
Personal Information
Privacy
HIPAA Solutions, LC
[email protected]
© HIPAA Solutions, LC 2007
What’s Personal Information
Financial Information




Banking & Credit
Investments & Mortgage
Signatures
Notary Seals
Demographic

Name, Address, Birth Certificate
Government Related






Social Security Number
Driver’s License
Gun Permit
Military Records
Court Records & Probate
Infrastructure
Health Information

© HIPAA Solutions, LC 2007
Medical Records & Insurance
Who Uses Personal Information
Financial & Credit Institutions


Banking & Finance
Credit Card
Government

Permits, Licenses, Courts, SSN, Veterans,
Administrative, Taxes, Student Records, Property,
Security, Law Enforcement
Health Care Providers

Medical Records, Insurance
Employers

Benefits, Pay Records, Taxes, SSN, Personnel &
Hiring, Background Checks, Security
Businesses

© HIPAA Solutions, LC 2007
Retail Transactions, Credit Checks, Insurance,
Contracts, Real Estate Title Companies, Land Brokers
Who ELSE Uses Personal Information
Commercial & Political Organizations





Marketing Groups
“Data Mining” Organizations
Risk Evaluation – Insurance & Credit
Companies
Foreign Companies
Campaigns & Political Organizations
Criminals

Financial Gain – Identity Theft & Fraud
Illegal immigration
Criminal Alias’s
Medical Fraud – Medicaid & Medicare
Insurance
Real Estate Fraud

Stalkers

Organized Crime
Forgers
Terrorists







© HIPAA Solutions, LC 2007
Why Protect Personal Information











© HIPAA Solutions, LC 2007
Financial Loss
Credit Risk
Employment Risk
Disruption of Lives
Increased Cost of Products & Services
Taxes for Law Enforcement
Health Danger
Family & Children
Stalkers
National Security
Illegal Immigration
Real Risks
2006 FTC report on Identity Theft & Fraud




Texas 4th on list of complaints of ID Theft per 1,000 citizens
Texas has 4 of top 30 Metro areas with highest % of ID theft
complaints per number of citizens
Almost half of top 50 cities based on number of complaints per
population are in border states
Jan-Dec 2006 - Consumer Sentinel (complaint database
developed by FTC) received over 670,000 consumer fraud
and identity theft complaints.

Total overall losses in US for 2006 were $49 billion
http://www.consumeraffairs.com/news04/2007/02/congress_identity_theft.html
© HIPAA Solutions, LC 2007
Why Protect Personal Information
. . . Darwin Professional Underwriters, analyzed data from
media reports and other sources to come up with algorithms
...
. . . . a breach that exposes 75,000 identities will cost an
organization $9.9 million on average. One third of the
cost or $3.47 million is needed to provide credit
monitoring to alert potential victims when their
information is misused.
. . . Last year, Chicago voters filed a class action lawsuit
against the Elections board for a similar breach involving
voter registration information of 1.3 million voters published
on the Board's Web site.
. . . recent reports indicate credit monitoring is insufficient
protection for people whose confidential information is
known to have been compromised. . . .
http://www.davickservices.com/Data_Breach_Cost.htm
© HIPAA Solutions, LC 2007
Real Risks - Financial
Internet security threat report from Symantec Corp.
Rate for the keys to assuming someone else's identity can be had for
between $14 and $18 per victim on underground cyber crime forums.
Full identities typically include Social Security numbers, the victim's
bank account information (including passwords), as well as personal
information such as date of birth and the maiden name of the victim's
mother.
DATA BREACHES SINCE JANUARY 2005 . . .
TOTAL number of records containing sensitive personal
information involved in security breaches OVER 150 million
records . . . http://www.privacyrights.org/ar/ChronDataBreaches.htm
© HIPAA Solutions, LC 2007
Real Risks - Financial
Man victimized again and again by ID theft
For two years now, Mark Maynard has repeatedly been mistaken for a felon named Kevin
O'Rourke. The ordeal has nearly cost Maynard his benefits and once put him in jail.
By CLAUDIA ROWE
Seattle Post Intelligencer - P-I REPORTER
It was a benign-looking letter, just a business-sized envelope from a Seattle department store that
came with the morning mail. But for Mark Maynard, it signaled the start of a bureaucratic maze
worthy of Franz Kafka's nastiest nightmares.
For the past two years, the retired Coast Guard veteran has been repeatedly mistaken for a
convicted thief named Kevin O'Rourke, who once passed himself off as Maynard by presenting a
fake driver's license. From that moment on, the disabled yeoman has been entangled in a net of
ever-more-complex legal problems.
In the past seven years, Social Security has received 94 million warrant files from states seeking
fugitives such as O'Rourke. That Maynard's name got swept up in the data stream is an
unfortunate but rare occurrence, a spokesman with the agency said. . . .
http://seattlepi.nwsource.com/local/308306_stolenid21.html
© HIPAA Solutions, LC 2007
Real Risks - Immigration
Red Tape Chronicles - MSNBC.com - Bob Sullivan
Author of “Your Evil Twin: Behind the Identity Theft Epidemic”
. . . Linda Trevino, who lives in a Chicago suburb, applied for a job last year at
a local Target department store, and was denied. The reason? She already
worked there -- or rather, her Social Security number already worked there.
Follow-up investigation revealed the same Social Security number had been
used to obtain work at 37 other employers, mostly by illegal immigrants
trying to satisfy government requirements to get a job. . . . .
. . . MSNBC.com research and government reports suggest hundreds of
thousands of American citizens are in the same spot -- unknowingly lending
their identity to illegal immigrants so they can work. And while several
government agencies and private corporations sometimes know whose
Social Security numbers are being ripped off, they won't notify the victims.
That is, until they come after the victims for back taxes or unpaid loans owed
by the imposter. . . .
http://redtape.msnbc.com/2006/03/hidden_cost_of_.html
© HIPAA Solutions, LC 2007
Real Risks – Immigration
Welfare
Federal Loans
Taxes
School System
Terrorist Infiltration
Voter Fraud
© HIPAA Solutions, LC 2007
Real Risks – Homeland Security
Dan Verton, in his book Black Ice: The Invisible Threat of
Cyberterrorism (2003), explains that "al-Qaeda cells now
operate with the assistance of large databases containing
details of potential targets in the U.S. They use the Internet
to collect intelligence on those targets, especially critical
economic nodes, and modern software enables them to
study structural weaknesses in facilities as well as predict
the cascading failure effect of attacking certain systems."
According to Secretary of Defense Donald Rumsfeld,
speaking on January 15, 2003, an al Qaeda training manual
recovered in Afghanistan tells its readers, "Using public
sources openly and without resorting to illegal means, it is
possible to gather at least 80 percent of all information
required about the enemy."
© HIPAA Solutions, LC 2007
Real Risks - Healthcare
MSNBC.com
Doctors, insurers ask, ‘Who are you?’
Medical identity theft, on the rise, can threaten lives as well as wallets
By Anne Thompson and Alex Johnson / NBC News / April 4, 2007
Andrew Brooke’s family knew something was screwy when they got a
collection notice for unpaid bills for treatment of his work-related back injury,
which included large prescriptions of the controlled painkiller Oxycontin.
“I’m looking at this bill, and I’m looking at my 3-week-old baby that can’t
even hold his head up, and it’s just a sense of outrage,” said Andrew’s father,
John Brooke, of Bothell, Wash., a suburb of Seattle.
Likewise, Jo-Ann Davis knew there was a mistake when a cop greeted her at
the pharmacy where she had gone to pick up a prescription in early 2005.
“I’ve never even had a speeding ticket,” said Davis, a veterinary technician
from Moon, Pa., near Pittsburgh.
Medical providers, it turned out, thought Andrew and Davis were other
people. Their medical identities had been stolen.
These are not isolated incidents: In a report last year, the World Privacy
Forum found that the number of Americans identifying themselves in
government documents as victims of medical identity theft had nearly tripled
in just four years, to more than a quarter-million in 2005. . . .
http://www.msnbc.msn.com/id/17048911/
© HIPAA Solutions, LC 2007
Real Risks - Healthcare
ID theft reaches medical realm
Stolen health care creates headaches, incorrect medical charts, empty wallets
By DEBBIE GILBERT - The Times
Identity theft can be a nightmare. If somebody steals your credit card and makes purchases
in your name, you may spend hours on the phone with banks and credit agencies trying to
restore your financial reputation. But medical identity theft can be even worse. Victims lose
more than just money; their very lives may be at stake. . . . .
. . . . Armed with the victim's name, Social Security number or insurance plan number, a thief
may try to use that information to get free health care. . . .
More ominously, any procedures, tests or medications administered to the thief may become
part of your permanent medical record. Next time you're admitted to a hospital, you may find
that your chart lists the wrong blood type or says you are on medications that you've never
taken. This can lead to medical errors, with potentially tragic consequences.
. . . . World Privacy Forum, a nonprofit consumer education group, estimates that at least
250,000 Americans have been victimized.
Some law enforcement officials believe the high cost of health insurance may be making this
form of theft more attractive to criminals.
http://www.gainesvilletimes.com/news/stories/20070107/localnews/148613.shtml
© HIPAA Solutions, LC 2007
Real Risks - Media
Gun Owners Irked By Newspaper Database Ploy
By Fred Lucas CNSNews.com Staff Writer March 13, 2007
(Editor's note: The Roanoke Times on Monday night removed the online database of
registered concealed handgun permit holders from its website until the Virginia State
Police, which provided the information, can "verify" the data. "When we posted the
information, we had every reason to believe that the data the State Police had supplied
would comply with the statutes. But people have notified us that the list includes names
that should not have been released,“. . .
(CNSNews.com) - Virginia handgun owners are fired up over the publication of
their names and addresses in a database posted online by a state newspaper.
The database of every Virginia resident who holds a state-issued permit to
carry a concealed handgun was posted on the Roanoke Times' website
Sunday to accompany a column in the paper by Times editorial writer
Christian Trejbal.
"There are good reasons the records are open to public scrutiny," Trejbal
wrote. "People might like to know if their neighbors carry. Parents might like
to know if a member of the car pool has a pistol in the glove box. Employees
might like to know if employers are bringing weapons to the office."
http://www.cnsnews.com/ViewNation.asp?Page=/Nation/archive/200703/NAT20070313b.html
© HIPAA Solutions, LC 2007
Real Risks - Government
Audit: IRS loses 490 computers
By UPI Staff April 6, 2007
WASHINGTON (UPI) -- A government audit in Washington found
that the personal information of more than 2,000 taxpayers has
been compromised by lost or stolen computers since 2003.
The audit, conducted by the Treasury Inspector General for Tax
Administration, found that 490 Internal Revenue Service
computers were lost or stolen in 387 incidents and the majority
of the incidents were not reported to the IRS computer security
office as regulations require, USA Today reported Thursday.
The report said IRS laptops are not equipped with sufficient
password controls and encryption software to protect taxpayer
information and other data from unauthorized access. . .
http://www.gopusa.com/news/2007/april/0406_irs_computers.shtml
© HIPAA Solutions, LC 2007
Real Risks - Government
HHS, GAO criticized over privacy report
by: Joseph Conn / HITS staff writer February 5, 2007
Last week, the Government Accountability Office issued a mild rebuke to
HHS over its handling of privacy and security issues while the department
leads the federal effort to promote development of a national healthcare
information network.
Reaction to the GAO report within the privacy community was far more
strident. In fact, both HHS and the GAO were zinged with criticism.
The 52-page GAO report, issued Thursday, was the focus of discussion
the following day in Washington at a meeting of the Senate
subcommittee on federal government management, the federal
workforce and the Senate Committee on Homeland Security and
Governmental Affairs.
The report criticized HHS for failing to establish “milestones” to measure
progress in development of privacy protections and for not having a
person or organization in charge of coordinating federal privacy policy
initiatives. HHS disagreed with the GAO’s findings in a written rebuttal.
http://www.modernhealthcare.com/apps/pbcs.dll/article?AID=/20070205/FREE/70205005/1029/newsletter02
0
© HIPAA Solutions, LC 2007
Real Risks – Data Mining
CONSUMER REPORTS INVESTIGATION WARNS YOUR PRIVACY IS FOR SALE
Buyers include marketers, employers, government agencies and thieves; Consumer
Reports offers tips to limit privacy invasion and thwart identify theft - October 2006 Issue
- YONKERS, NY – The practices of commercial data brokers can rob
consumers of their privacy, threaten them with identity theft and profile
them as dead beats or security risks, according to an investigative report
in Consumer Reports October Issue.
Choice Point, LexisNexis and Acxiom are among the largest of the horde of
data brokers that generate billions of dollars in revenue by selling sensitive
and personal information about millions of Americans to paying
customers, sometimes including crooks looking to cash in.
CR’s three-month investigation concluded that current federal laws do not
adequately safeguard American’s sensitive information, which is often
collected and sold by data brokers. This information can include Social
Security Numbers, phone numbers, credit card numbers, information about
an individual’s prescription medication, shopping habits, political
affiliations and sexual orientations. (Cont’d Next Slide)
© HIPAA Solutions, LC 2007
Real Risks – Data Mining
CONSUMER REPORTS INVESTIGATION WARNS YOUR PRIVACY IS FOR SALE
(Cont’d)
Among the most troublesome findings of CR’s investigation: There is no way
an individual can find out exactly what data collectors are telling others;
and the accuracy of that data is rarely verified. . . .
CR’s investigation reveals the growth of the Internet has spawned data
brokers that use deceptive practices to obtain sensitive and personal
information about people and sells it to virtually anyone, sometimes with
fatal consequences. . . .
Personal, sensitive information can be obtained from several sources, most
commonly are public records. Some data collectors hire researchers to visit
courthouses and county clerks’ offices to retrieve information from paper
records. However, a growing number of state and local governments are
posting personal records online, making information gathering easier and
increasing the potential for abuse. In addition, consumers themselves
supply tons of data, often unwittingly, because information about
purchases, donations, and memberships is now widely shared. . . . . .
http://www.consumerreports.org/cro/cu-pressroom/pressroom/2006/10/0610_eng0610pri_ov.htm?resultPageIndex=1&resultIndex=8&searchTerm=Privacy
© HIPAA Solutions, LC 2007
Real Risks – Data Mining
Courthouse for Sale – Cheap!
How your private information ends up on computer screens in Pakistan, Nigeria, China and Russia.
David Bloys - News for Public Officials Updated May 12th, 2006
In what could be the largest single transfer of a county asset to a private company in
the history of Texas, Fort Bend County Clerk Dianne Wilson recently sold every
document ever filed with the county clerk’s office to a Florida-based company. Red
Vision paid the county approximately $2,000 to transfer twenty million records by USB
cable. This may also be the cheapest price ever paid by a private company for the bulk
purchase of document images held by a government agency.
According to Wilson, this was just business as usual. In an interview with B.J. Pollack
of the Fort Bend Herald she said she sells the records "every day" in bulk to companies
like Red Vision and has since 1995.
An asset that took Fort Bend County taxpayers 167 years to create and ten years to
digitize was transferred to Florida in approximately 150 hours. Local taxpayers pay $1
a page for copies of their documents. Red Vision bought every document at the
liquidation price of 10,000 pages for a dollar. With a mission to “revolutionize” the way
banks, attorneys and title companies do business with local government, the company
has more U.S. courthouses on its shopping list. . . . .
http://www.davickservices.com/Courthouse%20for%20Sale%20-%20Cheap.htm
© HIPAA Solutions, LC 2007
Real Risks – Data Mining
States consider limits on medical data-mining
By Joe Mullin, Associated Press Writer | April 7, 2007
CARSON CITY, Nev. --"Know your customer" has long been the mantra of salespeople. But this year, state
lawmakers from New York to Nevada are wondering whether pharmaceutical company representatives
know their physician customers too well.
Lawmakers around the country are taking a hard look at datamining companies that keep detailed
records on what prescription drugs are prescribed by nearly every doctor in the U.S. Their databases,
updated weekly, are stripped of patient names and sold to the drug companies, who use the information
to target their sales pitches to doctors.
"Most doctors really don't know the level of detail" in the reports, said New Hampshire state Rep. Cindy
Rosenwald, who sponsored a bill last year making her state the first in the nation to ban such use of the
data. "I would say most doctors are shocked when they hear that drug reps really know everything
they've written."
The largest health datamining company, IMS Health, joined with Verispan LLC to challenge the New
Hampshire law in federal court. A decision is pending after the trial ended Feb. 5. In Canada, IMS also
has challenged a 2001 Alberta ban on releasing doctors' names.
Besides Nevada and New York, other states that have considered similar bills this year include Arizona,
Illinois, Kansas, Maine, Massachusetts, Rhode Island, Vermont, Washington, West Virginia and Texas. A
federal bill was proposed last year, but died in committee.
Proponents say drug companies use the data to manipulate doctors and aggressively market off-patent
drugs, which drives up health care prices and improperly interferes with doctors' practices. . . . .
http://www.boston.com/news/local/new_hampshire/articles/2007/04/07/states_consider_limits_on_medical_data_mining/
© HIPAA Solutions, LC 2007
Real Risks – Data Mining
Addressing the inevitable outcomes of privacy loss
Article published Mar 14, 2007
Privacy tends only to be addressed from the possessor's perspective. Our approach seems
to be to try to whoa the horse as it's leaving the barn. Data mining is one obvious side
effect of a centralized health record.
But the other half of the equation is how we control the inevitable results. Despite our best
efforts, someone will find a "legitimate" alternate use for this data—national security
comes to mind—and someone, somewhere, will pay for the otherwise innocent activity of
seeking medical help with a lost job, lost loan or other lost opportunity.
We must also address the results that follow from some unknown person's interpretation
of confidential information. The danger lies not in the information being accessed, but in
the consequences of someone's colored interpretation. Imagine background-checking
companies looking at this information and reporting back to a hiring company that one of
their candidates had an abortion and one didn't and, though they are otherwise equal,
some subjective decision based on private information will destroy someone's career.
We know from our experience with Social Security and credit information that, despite all
the best intentions, business pressures will find a way into our medical data, and unknown,
unregulated viewers will be judging us and finding us lacking. . . .
http://www.modernhealthcare.com/apps/pbcs.dll/article?AID=/20070314/FREE/70313008/1031/FREE
© HIPAA Solutions, LC 2007
Real Risks – Data Mining
DHS must assess privacy risk before using data mining tool, GAO says
The tool would be used to cull data for the fight on terrorism
March 22, 2007 (Computerworld) -- A tool being developed by the U.S. Department
of Homeland Security (DHS) to help it sift through large volumes of data in the
search for terrorist threats poses several privacy concerns, the Government
Accountability Office (GAO) warned in a report released yesterday.
The agency also called on the DHS to conduct a privacy impact assessment of the
tool immediately to help ameliorate those risks.
The tool, called ADVISE, for Analysis, Dissemination, Visualization, Insight and
Semantic Enhancement, is designed to cull very large databases and search for
patterns, such as relationships between individuals and organizations, to ferret out
suspicious people or activity. ADVISE is currently under development by the DHS.
In its report, the GAO raised questions about whether ADVISE could erroneously
associate individuals with terrorism because of faulty data, misidentify people with
similar names and rely on data collected for other purposes.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyId=9&articleId=9014068&intsrc=hm_topic
© HIPAA Solutions, LC 2007
Real Risks – Personal Safety
The Murder of Amy Boyer
by Robert Douglas
Far too often as we grapple with the issue of balancing the privacy of
Americans with the necessary and legitimate uses of Americans’ personal
information the debate centers on discussions of “data”, but not the lives
behind the “data”. . . .
. . . October of 1999 Amy Boyer, a young Nashua, New Hampshire woman,
was leaving work with two co-workers. . . . As Amy said good-bye and closed
her door, a car driven by Liam Youens sped up the street and . . . fired 11
bullets into the head and upper body of his unsuspecting 20 year-old victim. .
. . . fired one last shot into his head, instantly killing himself . . . . . . . He
openly planned Amy’s murder and the intended murder of others for more
than a year. . . . . he documented his plans to murder Amy on a web site . . . .
. . . . . evidence showed that Youens decided to ambush Amy as she left work.
But Youens had a problem. He didn’t know where Amy worked. So he started
using information brokers and private investigators that run Internet based
operations that specialize in obtaining and selling personal information on
Americans. In separate Internet transactions Youens purchased Amy’s date of
birth, social security number, home address, and finally her place of
employment.
Youens himself was struck by how easily he was able to purchase Amy’s
personal information while concealing his evil intent. . . . .
From the Testimony of Robert Douglas, CEO, PrivacyToday.com to United State Senate Committee on the Judiciary
Hearing on Securing Electronic Personal Data: Striking a Balance Between Privacy and Commercial and
Governmental Use
© HIPAA
Solutions, LC 2007
http://www.davickservices.com/murder_of_amy_boyer.htm
Real Risks - Business
T.J. Maxx data theft worse than first reported
Data stolen covers transactions dating as far back as December 2002
The Associated Press March 29, 2007
BOSTON - Information from at least 45.7 million credit and debit cards was
stolen by hackers who accessed TJX’s customer information in a security
breach that the discount retailer disclosed more than two months ago.
TJX Cos., the owner of about 2,500 stores, said in a regulatory filing late
Wednesday that about three-quarters of those cards had either expired at
the time of the theft, or data from their magnetic strips had been masked —
stored as asterisks rather than numbers. . . .
http://www.msnbc.msn.com/id/17853440/
Data From T.J. Maxx Breach Connected To Florida Fraud
By Martin H. Bosworth
ConsumerAffairs.Com - March 22, 2007
Personal information stolen in the massive TJX data breach was used by
thieves to make $8 million in purchases from Wal-Mart stores in Florida,
according to authorities.
http://www.consumeraffairs.com/news04/2007/03/tjx_florida.html
© HIPAA Solutions, LC 2007
Who May Oppose Protection
Businesses






Data Mining Companies
List Brokers
Marketing
Some Title Companies
IT Companies
Political Organizations
Government - i.e. Some County Clerks
Health Care Providers - Physicians & Hospitals
Media - Freedom of Information Proponents
© HIPAA Solutions, LC 2007
Legislative Protection
FEDERAL LEGISLATION EXAMPLES
 Social Security Act
 Privacy Act
 Health Insurance Portability & Accountability Act (HIPAA)
 Family Educational Rights and Privacy Act Regulations (FERPA)
 Fair Credit Reporting Act (FACTA)
STATES
 Public Information Acts
 Health Legislation
LIST OF STATE AND NATIONAL STATUTES PROTECTING PRIVACY
 http://www.privacyrights.org/faq.htm
© HIPAA Solutions, LC 2007
Protection - Issues
CONSISTENCY OF LEGISLATION – A great number of statutes at
Federal and State level have confusing or conflicting purposes
ENFORCEMENT OF EXISTING LAWS
IMMIGRATION – Lax Enforcement – 6th arrest practice
SSN – Lax Enforcement – Standard practice to sell SSN’s
HIPAA – Lax Enforcement – 28,000 complaints, no fines until 2007
CITIZEN AWARENESS – There is a lack of awareness of issues and
what to do if information is misused and who is misusing it.
MEDIA – Many in media underreport issues of personal information
because of desire for access to all information in public domain
LEGISLATORS – Business interests, some officials and media lobby
legislators in favor loose enforcement. “Squeaky wheel syndrome”
© HIPAA Solutions, LC 2007
CURRENT ISSUES – Texas AG Defines Problem
[Attorney General] . . . Abbott, in his opinion, stressed the danger
of identity theft and the potential for harm with the publication of
individuals' Social Security numbers. . . .
"Indeed, it is universally agreed that Social Security numbers are at the heart of
identity theft and fraud," said Abbott, "and in today's Internet world where
information - including public government information - can be instantly and
anonymously obtained by anyone with access to the worldwide web, the danger is
even greater."
. . . . Abbott stated that while Social Security numbers may be included on
documents considered public record, they should be redacted . . . before they are
distributed.
Furthermore, Abbott pointed out that the release of Social Security numbers does
not advance the aims of the Public Information Act because it "does not serve the
purpose of openness in government in any forseeable way".
The statute . . . Section 552.147, was created by the Texas Legislature in 2005.
http://www.herald-coaster.com/articles/2007/02/23/news/top_story/topstory.txt
© HIPAA Solutions, LC 2007
CURRENT ISSUES – LEGISLATION
RECENT TEXAS LEGISLATION
REDUCING PROTECTION
HB 2061 – Passed by Texas House and Senate, signed by
Governor in March of 2007. Protects County Clerks who
post SSN’s on internet and sell records to list brokers by
declaring SSN’s contained in Clerk’s records to be not
protected under PIA and also eliminates exposure to
Clerk’s of criminal prosecution or civil suits for releasing
SSN’s. Citizen’s given the right to ask for SSN redaction IF
can identify in writing where their information is located
and ask for redaction. Allows posting of unredacted
information and bulk sale of documents.
© HIPAA Solutions, LC 2007
BETTER PROTECTION
CITIZENS CAN REALIZE BETTER PROTECTION:

BE AWARE OF THE NEED FOR PROTECTION

OFFICIALS CAN ELIMINATE BULK SALE OF UNREDACTED PUBLIC RECORDS

STRICTLY CONTROL ONLINE ACCESS TO PUBLIC RECORDS ON INTERNET

STREAMLINE LAWS FOR EASIER IMPLEMENTATION OF PRIVACY POLICIES

AUDIT FOR COMPLIANCE WITH FEDERAL AND STATE PRIVACY REGULATIONS

ENFORCE THE EXISTING LAWS

MAKE LEGISLATORS AWARE OF CITIZEN CONCERNS

ASK FOR STRONG LEGISLATIVE ACTION

REQUIRE “BEST BUSINESS” PRIVACY PRACTICES

RECOMMEND EFFECTIVE USE OF TECHNOLOGY
© HIPAA Solutions, LC 2007
RESOURCES
Personal Information Complaints Resources . . .
Financial, Identity Theft or Fraud
Local District Attorney & AG
http://www.privacyrights.org/fs/fs17a.htm
Social Security Number Misuse
US Attorney
Local District Attorney & AG
http://www.privacyrights.org/fs/fs10-ssn.htm
Misuse Health Information
Office or of Civil Rights & Dept. Of Justice
http://www.hhs.gov/ocr/privacyhowtofile.htm
AG & Local DA
CONTACT INFORMATION FOR STATE & COUNTY OFFICIALS
http://www.capitol.state.tx.us/Home.aspx
http://www.naco.org/Template.cfm?Section=Find_a_County&Template=/cffiles/cou
GENERAL INFORMATION
http://www.epic.org/
http://www.consumersunion.org/campaigns/financialprivacynow/learn.html
http://www.privacyrights.org/
http://www.privacyrights.org/ar/ChronDataBreaches.htm
© HIPAA Solutions, LC 2007