Group items tagged

First quarter federal reports show Google lobbied on the electronic medical records provisions of the federal economic stimulus act, contradicting the Internet giant's earlier claims that Consumer Watchdog's report of its effort was "100 percent false." Google's report shows a total expenditure of $880,000 on lobbying during the period including on "online health-related initiatives; issues relating to online personal health records, including in connection with H.R. 1: American Recovery and Reinvestment Act of 2009." Google also contracted with an outside firm, the Podesta Group, which independently reported lobbying for Google on "health information technology" and "online privacy." King and Spalding LLP also independently reported lobbying for Google on "online health-related initiatives, including health information technology provisions in H.R. 1, The American Recovery and Reinvestment Act." After the nonprofit, nonpartisan Consumer Watchdog reported the "rumored" lobbying in January, Google contacted a charitable foundation about withdrawing Consumer Watchdog's funding. In a letter to Google CEO Eric Schmidt released today, Consumer Watchdog said the company owes the group an apology. Read Consumer Watchdog's letter here: http://www.consumerwatchdog.org/resources/LtrSchmidt042209.pdf. "It is now clear from public records that Google was lobbying Congress relating to online personal health records in connection with the economic stimulus act... What else could Google have been seeking except to be excluded from the Health Insurance Portability and Accountability Act (HIPAA) provisions on privacy and forbidding sale of records? Please tell us," wrote Jamie Court, Consumer Watchdog president and John M. Simpson, consumer advocate. "There is a simple way to resolve this," the letter said. "Publicly release all the substance of Google's lobbying efforts on H.R. 1. Google knows the drill: organize the information and make it universally accessible and useful."

Congress has been dithering over the adoption of a federal data security breach notice law for the last several years without coming to an agreement on a national standard for reporting breaches in the security of personal and financial data, but on February 17, data breach notice provisions applicable to health information were signed into law as part of the HITECH Act provisions of the massive economic stimulus legislation, H.R. 1 (111th Cong., 1st Sess. Feb. 17, 2009). Beginning no later than September 16 of this year, "covered entities" under the Health Insurance Portability and Accountability Act (HIPAA) will be required to give notice of breaches in the security of protected health information, and "business associates" of HIPAA-covered entities will be required to report such breaches to the covered entities. §13402(a) & (b). Currently, California and Arkansas are the only states that require that notification be given in the case of a breach in the security of medical or health insurance information. The HIPAA Privacy Rule currently does not contain a requirement that individuals be notified in the event of such as breach. However, some covered entities interpret the existing HIPAA Privacy Rule requirement that covered entities mitigate harmful effects of uses or disclosures of health information in violation of either the Privacy Rule or the entity's policies and procedures as suggesting that such notice be given, and many covered entities currently provide such notification.

Late last month, the House passed an economic recovery package containing $20 billion for health information technology, which would require the Department of Health and Human Services to develop standards by 2010 for a nationwide system to exchange health data electronically. The version of the recovery package passed by the Senate yesterday contains slightly less funding for health information technology ("health IT"). But as Congress moves to reconcile the two stimulus packages, conservatives have begun attacking the health IT provisions, falsely claiming that they would lead to the government "telling the doctors what they can't and cannot treat, and on whom they can and cannot treat." The conservative misinformation campaign began on Monday with a Bloomberg "commentary" by Hudson Institute fellow Betsy McCaughey, which claimed that the legislation will have the government "monitor treatments" in order to "'guide' your doctor's decisions." McCaughey's imaginative misreading was quickly trumpeted by Rush Limbaugh and the Drudge Report, eventually ending up on Fox News, where McCaughey's opinion column was described as "a report." In one of the many Fox segments focused on the column, hosts Megyn Kelly and Bill Hemmer blindsided Sens. Arlen Specter (R-PA) and Jon Tester (D-MT) with McCaughey's false interpretation, causing them to promise that they would "get this provision clarified." On his radio show yesterday, Limbaugh credited himself for injecting the false story into the stimulus debate, saying that he "detailed it and now it's all over mainstream media."

The recent U.S. stimulus bill includes $18 billion to catapult the health industry toward the world of electronic health records. This is sure to light a fire under every hungry security vendor to position itself as the essential product or service necessary to achieve HIPAA compliance. It should also motivate healthcare IT professionals to learn where their sensitive data is located and how it flows. To be sure, with federal money allocated through 2014 for the task of modernizing the healthcare industry there will be many consultant and vendor businesses that will thrive on stimulus money. Healthcare is unique in that storage of electronic health records is highly distributed between primary care physicians, specialist doctors, hospitals, and insurance/HMO organizations. Information has to be efficiently shared among these entities with great sensitivity towards patient privacy and legitimate claims processing. Patients want to prevent over zealous employers from performing unauthorized background checks on medical history; claim processors want to prevent paying fraudulent claims arising from targeted patient identity theft. The bill has two provisions which turn this into a tremendously challenging plan, and a daunting task for securing patient data: * Citizens will have the right to monitor and control use of their own health data. This implies a large centralized identity and access control service, or perhaps a federated network of patient registration directories. Authenticated users will be able to reach into the network of health databases audit use of their data and payment history. * Health organizations suffering loss of more than 500 patient records must publicly disclose the breach, starting with postings on the government's Health and Human Services website. This allows related organizations to trace the impact of the breach throughout the healthcare network, but care must be taken not to disclose vulnerabilities in the system to intruders

Don't expect a letter from Monster or Heartland Payment Systems letting you know they've lost your data. The breaches at Monster.com and Heartland Payment Systems are raising questions about the efficacy of data-loss disclosure laws enacted in at least 45 states. Back in 2007 we wrote about how the financial services industry lobbied hard to block proposed federal rules requiring organizations to notify individuals whose data they lose, and to permit consumers to freeze their credit histories. States such as California and Massachusetts have passed laws giving consumers these rights. But the Monster and Heartland capers have brought weaknesses in the legislation to center stage. I asked Lisa Sotto, head of privacy and information management at law firm Hunton & Williams, about this: Q: Heartland and Monster told me they intend to comply with all state laws. That said, they have not announced plans to notify individual victims. Is that OK? A: In the state breach notification laws, it is permissible to delay notification if a law enforcement agency determines that notification would impede a criminal investigation. If such a delay is requested by law enforcement, notification must be made after the law enforcement agency determines that notice would not compromise the investigation. I do not know if these companies received a delay request from a law enforcement agency. Q: Monster says it chose not to email individual victims because the bad guys could then replicate that message and use it as a phishing template. That makes sense. But is that allowed by state consumer protection laws? A: There are now 45-plus state laws and they are not uniform. Typically, notice is provided via first class mail, but there are provisions in the state laws allowing for electronic notice as well. Q: The only official notices from Heartland and Monster so far has been one-page disclosures posted on a web site. Does that cover them? A: There are provisions in the state laws al

Overview Privacy is a fundamental human right. It underpins human dignity and other values such as freedom of association and freedom of speech. It has become one of the most important human rights of the modern age.[1] Privacy is recognized around the world in diverse regions and cultures. It is protected in the Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights, and in many other international and regional human rights treaties. Nearly every country in the world includes a right of privacy in its constitution. At a minimum, these provisions include rights of inviolability of the home and secrecy of communications. Most recently written constitutions include specific rights to access and control one's personal information. In many of the countries where privacy is not explicitly recognized in the constitution, the courts have found that right in other provisions. In many countries, international agreements that recognize privacy rights such as the International Covenant on Civil and Political Rights or the European Convention on Human Rights have been adopted into law. Defining Privacy Of all the human rights in the international catalogue, privacy is perhaps the most difficult to define.[2] Definitions of privacy vary widely according to context and environment. In many countries, the concept has been fused with data protection, which interprets privacy in terms of management of personal information. Outside this rather strict context, privacy protection is frequently seen as a way of drawing the line at how far society can intrude into a person's affairs.[3] The lack of a single definition should not imply that the issue lacks importance. As one writer observed, "in one sense, all human rights are aspects of the right to privacy."[4]

"The U.S. Department of Health and Human Services issued an interim final rule to beef up penalties for violations of the Health Insurance Portability and Accounting Act (HIPAA), as several Congressmen criticize the agency for leaving dangerous loopholes in the law. The new rules significantly increase penalty amounts that the U.S. Department of Health and Human Services can impose for HIPAA violations of patient privacy, according to a statement from HHS. The new rules reflect requirements enacted in the Health Information Technology for Economic and Clinical Health (HITECH) sections of the American Recovery and Reinvestment Act (ARRA) of 2009. Before HITECH, maximum penalties were $100 for each violation or $25,000 for all identical violations of the same provision. A covered health care provider, health plan, or clearinghouse could be exempt from civil financial penalties if it demonstrated it did not know it violated the HIPAA rule. The HITECH act increases civil financial penalties by establishing tiered ranges of increasing minimum penalties, with a maximum $1.5 million for all violations of identical provisions. And a "covered entity" can plead ignorance as a protection only if it fixes the violation within 30 days of discovery."

GoogleApps is an upgade to the Los Angeles computer systems security? Doesn't that explain a lot?! Google Inc. this week came swinging at critics who have cited privacy and security concerns in calling on the city of Los Angeles to rethink its plan to implement the Google Apps hosted e-mail and office applications. In an interview yesterday, Matt Glotzbach, director of product management for Google Enterprise, said the angst voiced by consumer groups and others about the Los Angeles project is overstated and based on incomplete information. In fact, he contended that transitioning the applications to Google will strengthen the security of the city's data and better maintain its privacy. "From what I know of the city's operation, this is a security upgrade," Glotzbach said. "Those who may be unfamiliar with cloud computing see this as a security risk simply because it is new and because it is something different," he said. Glotzbach said he believes that at least some of the concerns raised originated from Google's competitors. Meanwhile top managers at the Los Angeles Information Technology Agency (ITA), which oversees technology implementations in the city, yesterday said the city is still committed to implementing Google Apps. The agency insisted that provisions are in place for addressing the security and privacy issues raised by critics. A spokesman for Mayor Antonio Villaraigosa said the city council will sign off on the project only after it is assured that the privacy and security concerns have been properly addressed.

Google Inc. this week came swinging at critics who have cited privacy and security concerns in calling on the city of Los Angeles to rethink its plan to implement the Google Apps hosted e-mail and office applications. In an interview yesterday, Matt Glotzbach, director of product management for Google Enterprise, said the angst voiced by consumer groups and others about the Los Angeles project is overstated and based on incomplete information. In fact, he contended that transitioning the applications to Google will strengthen the security of the city's data and better maintain its privacy. "From what I know of the city's operation, this is a security upgrade," Glotzbach said. "Those who may be unfamiliar with cloud computing see this as a security risk simply because it is new and because it is something different," he said. Glotzbach said he believes that at least some of the concerns raised originated from Google's competitors. Meanwhile top managers at the Los Angeles Information Technology Agency (ITA), which oversees technology implementations in the city, yesterday said the city is still committed to implementing Google Apps. The agency insisted that provisions are in place for addressing the security and privacy issues raised by critics. A spokesman for Mayor Antonio Villaraigosa said the city council will sign off on the project only after it is assured that the privacy and security concerns have been properly addressed.

Recommend watching this Frontline report on the secret life of credit cards. Interesting: http://www.pbs.org/wgbh/pages/frontline/shows/credit/view/ - Karl ------------------------------------------------------------------------------- Millions of Americans have already seen their credit card limits shrink, and millions more face the same fate as lenders prepare for tougher U.S. consumer protection rules. Since the financial crisis deepened a year ago, credit card companies have been closing millions of inactive accounts, cutting credit limits and raising interest rates to cushion themselves from record loan losses. This is just the beginning of the biggest shake-up in the credit card industry in at least 20 years, analysts said. Credit Suisse analyst Moshe Orenbuch estimated available credit card lines will be cut by about 20 percent, or $1.2 trillion, in coming months, and warned that "further cuts could result from the provisions of the new credit card law."

Millions of Americans have already seen their credit card limits shrink, and millions more face the same fate as lenders prepare for tougher U.S. consumer protection rules. Since the financial crisis deepened a year ago, credit card companies have been closing millions of inactive accounts, cutting credit limits and raising interest rates to cushion themselves from record loan losses. This is just the beginning of the biggest shake-up in the credit card industry in at least 20 years, analysts said. Credit Suisse analyst Moshe Orenbuch estimated available credit card lines will be cut by about 20 percent, or $1.2 trillion, in coming months, and warned that "further cuts could result from the provisions of the new credit card law."

"In a sign that state attorneys general may be flexing the HIPAA enforcement muscle granted by the HITECH Act provisions in the Recovery Act, the Connecticut and Arizona attorneys general are investigating health plans that recently experienced data breaches that they failed to disclose for several months. Typically, state attorneys general prosecute only violations of state laws, but they now have authority to investigate and levy fines for violations of HIPAA and the HITECH Act, which requires mandatory notifications within two months of knowledge of a breach. Connecticut Attorney General Richard Blumenthal (D) has emerged as possibly the first AG to take on a HIPAA investigation, and Arizona's AG may also be pursuing a similar course. The larger of the two breaches that have come to the AGs' attention was experienced by Health Net, Inc., which lost a portable external hard drive containing seven years of data for 446,000 Connecticut residents. The lost data came from 1.5 million individuals in total, who also hailed from New Jersey and New York. Health Net reported the loss to the Connecticut AG on Nov. 19, and on the same day Blumenthal issued a scathing statement demanding answers and promising action. He specifically said he was investigating whether Health Net may have violated "federal laws," as well as his state's own data protection laws."

"A federal law designed to prevent employers and health insurers from discriminating against an individual based on their genetic predisposition to disease took effect late last month, signaling a new era where intermingling genetic advances and privacy concerns create new challenges in health care. But left out of the federal Genetic Information Nondiscrimination Act, commonly known as GINA, were privacy protections for individuals seeking long-term care, disability and life insurance coverage. Each of those areas was left up to the individual states. At least 10 states regulate the use of genetic information in long-term care insurance. But in California, privacy protections were left to expire by lawmakers in January 2008. Mark Billingsley, spokesman for state insurance commissioner Steve Poizner, said in an e-mail that there "appears to be a giant loophole" in California's insurance code regarding long-term care insurance and genetic privacy protections. He said he couldn't identify a single provision in the state code that would preclude a private insurer from requesting such a test for underwriting purposes. "

A top affliction of privacy professionals is the growing complexity of privacy laws. The number of jurisdictions regulating data privacy and the number of other laws in which privacy provisions are tucked has increased with no letup since 2000. Like the Lilliputians in Gulliver's Travels, the tiniest jurisdictions are now lassoing their privacy ropes around the mightiest of corporations. Where does this leave those who are charged with keeping their organizations privacy-compliant? Desperately looking for a way to organize news about all of these developments. I recently surveyed the landscape of possible solutions to this problem. What did I find? Three different approaches: free Web sites, newsletters and news feeds; fee-based periodicals; and fee-based databases, such as Nymity's PrivaWorks, Cecile Park Publishing's DataGuidance and law firm Morrison and Foerster LLP's Summit Privacy. What were the pros and cons of each approach? Free sources Privacy leaders with no budget will want to exploit what's free, including these options: * Morrison & Foerster's Privacy Library, probably the most comprehensive and current free online listing of privacy laws in 95 countries. * Law firm Baker & McKenzie's annual Global Privacy Handbook, which is distributed to clients and friends. * Computerworld's own Security Newsletter, which offers a regular look at news about the technical threats to personal data. * The International Association of Privacy Professionals' Daily Dashboard, Canada Dashboard Digest and monthly Inside 1to1: Privacy. These are the best available free news feeds on privacy.

The Federal Trade Commission today announced that it has approved a Federal Register notice seeking public comment on a proposed rule that would require entities to notify consumers when the security of their electronic health information is breached. The American Recovery and Reinvestment Act of 2009 (the Recovery Act) includes provisions to advance the use of health information technology and, at the same time, strengthen privacy and security protections for health information. Among other things, the Recovery Act recognizes that there are new types of Web-based entities that collect or handle consumers' sensitive health information. Some of these entities offer personal health records, which consumers can use as an electronic, individually controlled repository for their medical information. Others provide online applications through which consumers can track and manage different kinds of information in their personal health records. For example, consumers can connect a device such as a pedometer to their computers and upload miles traveled, heart rate, and other data into their personal health records. These innovations have the potential to provide numerous benefits for consumers, which can only be realized if they have confidence that the security and confidentiality of their health information will be maintained. To address these issues, the Recovery Act requires the Department of Health and Human Services to conduct a study and report, in consultation with the FTC, on potential privacy, security, and breach notification requirements for vendors of personal health records and related entities. This study and report must be completed by February 2010. In the interim, the Act requires the Commission to issue a temporary rule requiring these entities to notify consumers if the security of their health information is breached. The proposed rule the Commission is announcing today is the first step in implementing this requirement. In keeping with the Recover

Like this http://cheaptravelbooker.com Like this http://cheaptravelbooker.com like this http://killdo.de.gg travel,hotel,fun,hotel new,new offer,hotel best,best hotel,hotel travel,seo,backlinks,edu,gov,ads,indexing,bookmark,killgoggle,gogglesuck,goggle bookmark,kill goggle,yahoo,bing,indexing,quality links,linkwell,traffic boster,index best

Former Booz Allen Hamilton management consultant Melissa Hathaway's much anticipated 60-day review of U.S. cybersecurity policy is scheduled to hit President Obama's desk this Friday. All eyes of the tech security community will be watching. It will signal what approach Obama will take in the complicated task of stemming cyber threats. Obama has said he will make the Internet safer for citizens and businesses, while playing catchup to China and Russia who are far ahead in the cyberwarfare arms race. "We're trying to do cybersecurity in a democracy," says Leslie Harris, President and CEO of the Center for Democracy & Technology. "Doing cybersecurity in China, my guess, is a lot easier." CDT held a press briefing this morning at which it warned that a cybersecurity bill, introduced earlier this month by Sen. John Rockefeller, D-W.Va, and Sen. Olympia Snowe, R-Maine, is the first of several that likely will be proposed once Hathaway's review is out. Harris said CDT agrees with a provision in the Rockefeller-Snowe bill that would create a cabinet-level cybersecurity adviser reporting directly to President Obama, but questions some of the extraordinary federal enforcement powers that could be created. CDT says it doesn't want citizens' civil liberties trampled upon. CDT general counsel Greg Nojeim gave Hathaway high marks for keeping her review process relatively open, in contrast to the Bush administration's penchant for secrecy. "So far the White House review team gets high grades on transparency," Nojeim said. Hathaway has held closed briefings in the past several weeks with Congressional committees, industry groups and privacy organizations, said Nojeim. "But the real test will be whether their recommendations reflect a commitment to transparency in the execution of the program," said Nojeim.

Like this http://cheaptravelbooker.com Like this http://cheaptravelbooker.com like this http://killdo.de.gg travel,hotel,fun,hotel new,new offer,hotel best,best hotel,hotel travel,seo,backlinks,edu,gov,ads,indexing,bookmark,killgoggle,gogglesuck,goggle bookmark,kill goggle,yahoo,bing,indexing,quality links,linkwell,traffic boster,index best

The Senate and House appear headed for a clash over competing visions of how to protect the privacy of patients' electronic medical records, with the House favoring strict protections advocated by consumer groups while the Senate is poised to endorse more limited safeguards urged by business interests. President Obama has called creation of a nationwide system of electronic medical records fundamental to health-care reform, and both chambers of Congress have included about $20 billion to jump-start the initiative as part of their stimulus bills. But as with much in the stimulus package, it is not just the money but the accompanying provisions that groups are trying to influence. The effort to speed adoption of health information technology has become the focus of an intense lobbying battle fueled by health-care and drug-industry interests that have spent hundreds of millions of dollars on lobbying and tens of millions more on campaign contributions over the past two years, much of it shifting to the Democrats since they took control of Congress. At the heart of the debate is how to strike a balance between protecting patient privacy and expanding the health industry's access to vast and growing databases of information on the health status and medical care of every American. Insurers and providers say the House's proposed protections would hobble efforts to improve the quality and efficiency of health care, but privacy advocates fear that the industry would use the personal data to discriminate against patients in employment and health care as well as to market the information, often through third parties, to generate profits.

The Department of Homeland Security's Data Privacy and Integrity Advisory Committee has offered DHS Secretary Janet Napolitano 16 recommendations on how to best address privacy issues currently facing the department. The panel stressed that "the need to update the government's legal authority to protect and defend cyberspace in the U.S. classified intelligence systems raise specific and sometimes significant privacy issues, including the conflict between transparency and redress." The committee has asked that each DHS component - such as the Federal Emergency Management Agency and Office of Intelligence and Analysis - have a designated privacy officer that would report to the head of the section. The committee also "encourages DHS to continue to work toward policy and functional interoperability in the development of new systems and when making major modifications to existing systems," according to a letter from the committee hand delivered to Napolitano. Additionally, the panel said the 1974 Privacy Act has "not kept pace with the evolution of technology and developments in how data is collected, used, shared and stored. To the extent the Secretary is asked to submit recommendations to Congress for making the act more relevant and effective, the committee recommends that the secretary seek guidance from the Privacy Office staff, who are experts in applying the Act's provisions throughout the department." For more on the recommendations, read the committee's letter here.

THE Government is looking to develop a way to protect individuals' personal data that can 'best address' three issues. These are privacy concerns, commercial requirements and national interest. An inter-ministry committee is already reviewing the issue, said Minister for Information, Communications and the Arts Lee Boon Yang. 'As data protection is a complex issue, with extensive impact on all stakeholders, this review will take some time,' he said. He said this in a written reply to a question posed by Ms Lee Bee Wah of Ang Mo Kio GRC in Parliament on Monday. She had asked if his ministry will consider a comprehensive privacy law, and wanted to know what laws there are to protect people from spam mail and the unauthorised sale of personal information. Also, what about those whose photographs have been posted on blogs and other new media platforms without their authorisation, she had asked. This would be considered a 'civil matter', said Dr Lee. 'The aggrieved persons could first ask the site's webmaster to remove the pictures,' he said. 'As with matters relating to online libel and personal defamation, they could also seek professional legal advice to determine the most appropriate legal recourse.' As for the protection of personal data, the minister said that although no generic data protection law exists, such data is still protected. He listed the various measures that are already in place. For instance, there are 'strict provisions' in sectoral laws such as the Banking Act, and codes for medical professionals to protect sensitive financial and health information, he said. There are also other industry codes of practices against the unauthorised use of personal information, he added. For example. the Telecom Competition Code requires licensees to take 'reasonable measures' to prevent the unauthorised use of consumers' information. In addition, there is a voluntary privacy code, which has been adopted by many companies in the private sector, said Dr

Current government rules do too little to protect the privacy of people's personal health information and also hinder the use of health data in medical research, a panel of experts reported on Wednesday. A committee of the Institute of Medicine, which provides advice to U.S. policymakers, urged Congress to take an entirely new approach to protecting personal health data in research. Federal standards for protecting privacy of personal health data under the Health Insurance Portability and Accountability Act of 1996, or HIPAA, are not doing the job, the panel said. Congress and the Obama administration are planning major changes this year to the U.S. health care system. Regarding the privacy rules, Congress should either start from scratch or thoroughly overall HIPAA's privacy provisions, the panel said. Better data security is needed, with greater use of encryption and other security techniques, the panel said. Encryption should be required for laptops, flash drives and other devices containing such data, it said. "Both privacy and health research are important. And we feel that we can strengthen privacy protections for people who participate in research while also allowing important research to proceed without unnecessary impediments," Dr. Bernard Lo of the University of California San Francisco, a member of the panel, told reporters. HIPAA governs how personally identifiable health information can be used and disclosed by health plans, health care providers and others. The intention is to protect personal health information while permitting the flow of information for health-related research and medical care. Lo said HIPAA has burdensome and confusing procedures for people to consent to have their health data used in medical research, dissuading people from taking part in such research.

Feds would spend $20 billion on health IT if Senate and House agree in coming weeks. The House-passed version of the economic stimulus bill includes about $20 billion in spending for health IT. The bill, known as H.R. 1 or the American Recovery and Reinvestment Act of 2009, would make Medicare and Medicaid providers and hospitals eligible for incentive payments for using certified e-health records technology. It also supports health information exchanges, standards development and conformance testing, a chief privacy officer for health IT and other aspects of health IT. The portion of the bill called the Health Information Technology for Economic and Clinical Health Act -- the Hitech Act, for short -- and health IT spending provisions passed largely unchanged from the bills introduced earlier this month. The Senate is expected to take up a similar bill in the first week of February. The Senate bill now calls for $23 billion in health IT spending. Once it is passed, a House-Senate conference will need to resolve differences between the bills. Congressional leaders aim to send President Barack Obama the bill by mid-February.

A consumer group accused Google of seeking provisions in the economic stimulus package that would allow it to sell patient medical data to Google Health advertisers. Perhaps patients' biggest worry about electronic medical records is that their private health data will get into the wrong hands. To get a feel for some folks' anxiety, just take a look at this from a group called Patient Privacy Rights: "CHILLING NEWS ABOUT HEALTH PRIVACY: You Have None." (Or look at one of our many posts about health data breaches.) So it's probably not a surprise that Google, which last year launched Google Health, a personal online repository, was quick to refute a charge by a different consumer group, called Consumer Watchdog, of "a rumored [Google] lobbying effort aimed at allowing the sale of electronic medical records." The group further claimed that Google is "reportedly" pushing for items in the economic stimulus bill that would allow the company to "sell patient medical information" to advertisers. Google shot back, posting an item in its public policy blog calling the claims "100 percent false and unfounded." The company added: Google does not sell health data. In fact, one of our most steadfast privacy principles is that we don't sell our users' personal data, whether it's stored in Google Health, Gmail, or in any of our products. And from a policy perspective, we oppose the sale of medical information in the health care industry. Google's ear is likely fine tuned to this issue, considering some folks in the medical community have already pointed out the company is not a type required to follow a federal patient-privacy law called HIPAA.