 October 15, 2019  Posted by  Breaches, Govt, Non-U.S.

Katy Griffin reports:

A Fordingbridge man says he was “stunned” and “very upset” after discovering by chance that his medical records had been accessed and details shared without his consent.

The data breach took place in 2016 but Robert Richardson found out about it more than two years later after making a Right of Access information request.

Now Southern Health NHS Trust has admitted failing in its data protection obligations following the incident which involved a member of its staff accessing and sharing details of a patient’s confidential medical records without consent.

Mr Richardson received £1,500 as part of the settlement.

Read more on Salisbury Journal.

 October 14, 2019  Posted by  Healthcare, Non-U.S., Youth & Schools

I love reading case notes from Privacy Commissioners in other parts of the world to see how they apply their countries’ regulations. There’s a new decision from New Zealand’s Privacy Commissioner that will probably be of interest to parents of American schoolchildren as it involves how school personnel handled a student’s medical information.  Spoiler alert: I was a bit surprised that the parents’ complaint was upheld, and I wondered whether there might be any unintended consequences of the complaint such as damage to the relationship between the school and the parents, or teachers not refreshing their memory of what to do in a medically urgent situation. 

See what you think when you read the decision.


 October 14, 2019  Posted by  Laws, Non-U.S.

Kristof Van Quathem of Covington & Burling writes:

The Council of EU Member States – one of the two main EU lawmaking bodies – recently released a new draft version of the ePrivacy Regulation (“EPR”).  Negotiations on the regulation have been deadlocked for a while, but seem to be gathering new momentum under the Finnish Presidency.  Below we highlight some selected topics that may be of interest to readers.

    • Users will have to be reminded (probably every 12 months) of their right to withdraw their consent to the processing of electronic communications content or metadata, unless users request not to receive these reminders. This does not apply to consent for cookies or direct marketing by e-mail or SMS.

Read more on InsidePrivacy.

 October 14, 2019  Posted by  Featured News, Healthcare, Laws

Odia Kagan of Fox Rothschild writes:

New York Gov. Andrew Cuomo recently signed legislation that will effectively prohibit ambulance and first response service providers from disclosing or selling patient data to third parties for marketing purposes.

The bill was signed into law on October 7. The new law bans the sale of patient data, or individually identifying information to third parties, outside of sales to health providers, the patient’s insurer, and other parties with appropriate legal authority.

Read more on HIPAA & Health Information Technology.