HHS Says Lab Results Empower Consumers

by Bradley Jansen February 6th, 2014 1:15 pm

Time to renew the 23AndMe access to lab tests fight!  Background from previous posts here.

As most readers here are familiar on hand of the government (in this case the Federal Trade Commission Food and Drug Administration) has stopped consumers from getting genetic medical test results.  Now another hand of the government, this time the US Department of Health and Human Services (HHS) clarifies in a final ruling February 3:

"The right to access personal health information is a cornerstone of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule," HHS Secretary Kathleen Sebelius said in a press release. "Information like lab results can empower patients to track their health progress, make decisions with their health care professionals, and adhere to important treatment plans."

Explains the Medscape story:

Under the HIPAA Privacy Rule, patients or their designees or personal representatives can get a copy of their protected health information, including an electronic copy, with limited exceptions, but may have to put their request in writing and pay for the cost of copying, mailing, or electronic transfer, the release said. In most cases, copies must be given to the patient within 30 days of his or her request.

How on earth can the FTC continue their heavy-handed interference with private contracts now?!


Death and Privacy Part III

by Bob Gellman February 5th, 2014 12:46 pm

Death and Privacy:  Part III

By Bob Gellman

In 2013, I posted two short articles discussing whether and how privacy rights continue after the death of a data subject. The focus was on US law. I thought that it would be worthwhile to offer some additional information and resources to anyone who has an interest in the topic.

I attended the 2014 Computers, Privacy & Data Protection Conference in Brussels, Belgium, in January 2014, where there was a panel on Post-Mortem Privacy: Exploring Deceased’s Privacy in a Digital World. The Centre for Creativity, Regulation, Enterprise & Technology (CREATe) organized the panel.

Some post-mortem privacy issues, such as what happens to a Facebook page when the owner dies, have been the subject of attention and litigation in the US, but explorations of the general topic in Europe have gone further. Whether dead individuals have rights under the EU Data Protection Directive is not as clear as it might be, and the law in EU Member States varies somewhat. The materials below explore this and other related topics.

First, here are the particulars about the panel:

Chair Michael Birnhack, Tel Aviv University (IL)

Moderator Irina Baraliuc, Vrije Universiteit Brussel (BE)

Panel:  Damien McCallig, Galway University (IE); Elaine Kasket, British Psychological Society (UK); Jan Bikker, University of Dundee (UK); Wendy Moncur, University of Dundee (UK); Edina Harbinja, University of Strathclyde (UK).

 This panel explores the issues surrounding post mortem privacy (PMP): privacy of the deceased in the digital realm. This concept has only recently become a subject of concern in various disciplines, including law, sociology, psychology, computer sciences, anthropology, and forensics. The panel aims to tackle and explain how the competing privacy interests of the deceased, bereaved family, heirs and society should be dealt with following death. It will assess and question the value and importance of the various aspects of privacy in digital remains from personal interest and public interest perspectives. Panelists, drawn from a diverse range of disciplines and interests, will explore the challenges posed to the values and aspects of privacy by our interactions with digital technology and post-death phenomena, specifically digital legacy, inheritance, identity, property, mourning and the repurposing or further uses of digital remains.

This interdisciplinary panel envisages tackling the following PMP-related challenges:

● The bequest, inheritance and repurposing of personal data (such as emails, photos and social network site interactions) in the context of the death of technology users;

● Technologically-mediated mourning and memorialisation and posthumously maintained bonds with the dead;

● Comparative legal issues related to the phenomenon of PMP (personality, data protection, copyright);

● PMP themes relating to the interests of victims experienced in global disasters, whether survivors, the deceased or next-of-kin.

 Second, I looked at some of the materials that the panel members made available, and here are a few links that may be of interest. This is not a comprehensive list of materials, but it will give interested parties a start.


An issue of Scripted (2013) has several articles about post-mortem privacy by people from the CPDP panel. I won’t list the details here. Click on the link above for abstract and copies.


Dealing with digital death Posted on Monday, October 14th, 2013 at 4:30 am By Damien McCallig

Through the use of email, social media, and other online accounts, our lives and social interactions are increasingly mediated by digital service providers. As the volume of these interactions increases and displaces traditional forms of communication and commerce the question of what happens to those accounts, following the death of the user, takes on greater significance.

Should the relatives or heirs of a deceased Facebook user have the ‘right’ to access, take control of, or even delete the account? Some of you reading this will recoil in dread at such a thought, quickly remembering all of those digital indiscretions and private messages you would prefer to assign to oblivion but never got around to deleting. Other readers may remember a friend, no longer alive today, and will possibly turn to social media later to seek out a picture and recall a shared memory.



The Law of Digital Remains. Reconciling the dignity and interests of the deceased with those of the living. Damien McCallig, School of Law, National University of Ireland Galway.

Dealing with the aftermath of someone’s death is always a difficult and sensitive issue. In recognition of this, society has developed various rites, rituals and norms to aid the family and loved ones to deal with the physical remains and redistribute the possessions of the deceased. This involves balancing an innate desire to respect the dignity of the deceased with the needs and interests of the surviving family and wider community.

In the pre-digital age laws adequately reflected these rites and norms. For example, personal mementos, photographs, letters, scrapbooks and meaningful tokens that hold sentimental value pass by default along with the physical property they are bound up in. Succession law reflects these norms, with personal property passing by will or the rules of intestacy. The unauthorised interference by unconnected third parties with a deceased’s personal items was generally precluded as they were bound up in property that would remain within the home or in the possession of friends or family. The digital universe has changed this.



Online life after death faces legal uncertainty. Different jurisdictions set different rules for what should happen to online personal data after death

By Loek Essers, IDG News Service 

October 08, 2012, 10:24 AM — When people die in the real world, their online alter egos may live on, creating an unusual situation for those who only knew them through their online presence. The law is only beginning to address this limbo state, and fragmented privacy legislation provides no conclusive answer to the question of who should be allowed to access or delete someone's social networking profile or email correspondence after they die, a panel discussion at the Amsterdam Privacy Conference concluded.

When a Facebook user dies and Facebook is informed of the death, the company "memorializes" the profile, hiding features such as status updates, and allowing only confirmed friends to view the timeline and post on the profile. Maintaining access to such a profile helps in the mourning process, said psychologist Elaine Kasket, who presented a paper on life after death on Facebook at the conference on Monday. "Visible conversation with a person who died and about person who died is important in the grief process," she said.



From death to final disposition: roles of technology in the post-mortem interval 

By Wendy Moncur, Jan Bikker, Elaine Kasket, and John Troyer

Abstract:  In this paper, we describe collaborative processes and stakeholders involved in the period from when a person dies until they are laid to rest: the funeral, final disposition of the body, and (in some circumstances) victim identification. The rich mixture of technologies currently deployed during this brief period are categorized and critically analyzed. We then reflect on the implications of our findings, both for the design of technology that takes the end of life into account, and for the wider HCI community.


 'What Happens to My Facebook Profile When I Die?’: Legal Issues Around Transmission of Digital Assets on Death (February 21, 3013) Lilian Edwards, University of Strathclyde Law School, and Edina Harbinja, University of Strathclyde Law School

 Abstract:  This chapter aims to explore some of the major legal issues pertaining to transmission of digital assets on death. “Digital assets” within this chapter are defined widely and not exclusively to include a huge range of intangible information goods associated with the online or digital world: including social network profiles e.g. on Facebook, Twitter, Google or Linked In; emails, tweets, databases etc; in-game virtual assets (e.g., as bought, found or built in worlds such as Second Life, World of Warcraft, Lineage, etc); digitised text, image, music or sound, such as video, film and e-book files; passwords to various accounts associated with provisions of digital goods and services, either as buyer, user or trader (e.g. to eBay, Amazon, Facebook, YouTube etc); domain names; 2D or 3D personality-related images or icons such as user icons on LiveJournal or avatars in Second Life; and not excluding the myriad types of digital assets emergent as commodities capable of being assigned worth (e.g. “zero day exploits” or bugs in software which antagonists can exploit ).

The chapter explores (a) how far the new digital assets fall into existing paradigms of property (b) the interactions between property, succession, privacy and contract in this domain, especially in the context of assets generated on intermediary sites such as social networks (c) whether we need a notion of "post mortem privacy" and (d) briefly , some solutions to some of the issues thrown up by previous sections, including emerging legislation , and the new breed of "life after death" technology assistants such as Legacy Locker.



Privacy at RootsTech

by Bradley Jansen February 2nd, 2014 9:07 pm

As many technologically-oriented genealogists know, the RootsTech conference at Salt Lake City, Utah starts soon.  In fact, this group blog started at RootsTech last year, and we announced it during an "unconferencing session" with Fred Moss of the Federation of Genealogical Societies, Jim Dempsey with the Center for Democracy and Technology and myself.

The syllabi for this year's conference are available here.

Looking at the schedule, one will find many issues related to privacy and the related tech issues such as storing and sharing your information online and in the cloud.

Just a reminder that "genealogyland" has joined privacy and technology advocates to update the Electronic Communications Privacy Act (ECPA) in the Digital Due Process coalition.  For more information, check out http://digitaldueprocess.org.


Practical Practices in Pennsylvania

by Kenneth H. Ryesky February 1st, 2014 10:49 pm

There are two interrelated historical patterns that occur with great frequency:

A. Individuals of power and influence ignore and/or dismiss the significance of an event or development; and, the other side of the coin,

B. There are individuals who engross themselves into any given trend or paradigm shift long before the general acceptance or implementation of such trend or paradigm.

Shortly after the 1993 bomb incident in the World Trade Center parking garage, my brother-in-law, who is very active and high-profile in the broadcast industry, advised broadcasters who had antennae on the WTC Towers to implement back-up antennae at other locations, just in case the WTC antennae would suddenly be removed from service.  Eight years later, my then 12-year-old son, who made a daily 1-hour commute from Long Island to his school in Queens via the Long Island Railroad, had one of the relatively few operational cell phones in the September 11, 2001 chaos. Those cell phone providers who depended solely upon their WTC Tower antennae were caught short-handed, and my brother-in-law was quite unhappily vindicated (as were my wife and I, who had been criticized and castigated for giving a twelve-year-old kid a cell phone).

And, let us not forget what data digitization did to the photographic film manufacturers, and the manufacturers and purveyors of the cameras that used the film, and the processors of the film.

So it goes with privacy and the genealogical community. Those genealogists who failed to recognize the broader privacy issues are now being abruptly sucked into the great privacy debate. And the privacy conversation, genealogy and otherwise, is now spotlighting many areas and issues which heretofore had been seemingly unconnected to our main focuses of concern. One of these is privacy and the taxation process. [It is parenthetically noted that old taxation records are valuable genealogical resources; indeed, it was the sovereigns' concerns for collecting the taxes that was the impetus for the use of surnames in many societies.].

We are now at the point where all but the most naive in the contemporary genealogical community in America are at least generally aware of how the IRS's data security (mal)practices affect their genealogical research.

It has come to the attention of this tax lawyer that the Pennsylvania Department of Revenue has issued the following pronouncement:

"Beginning with the 2014 income tax filing season, the department instituted new security measures to identify and intercept fraudulent refund filings. As part of this initiative to ensure refunds are issued only to their rightful owners, taxpayers may be asked to confirm their identities before refunds are issued."

How this new initiative fares remains to be seen, but people in the taxation community will certainly be watching to see whether the Pennsylvania Revenue Department is ahead of the IRS on the power curve. Pennsylvania's practices and procedures will play into the discussion as to whether the recent restrictions on the Death Master File access (of which I posted on 7 January 2014) are sufficient or are overly broad.

It is a discussion in which the genealogical community must participate.