HHS Issues Proposed Rule Governing Clinical Laboratories

By Cameron G. Shilling (originally published 9/26/2011)

The United States Department of Health and Human Services issued a proposed rule that expands the rights of patients to access test results directly from clinical labs covered by HIPAA.  The rule would amend the regulations under the Clinical Laboratory Improvement Amendments of 1988 (CLIA) to require that, upon a patient’s request, the lab must provide access to completed test reports concerning the patient.  The proposed rule was published on September 14, 2011, and has a 60 day comment period.

Digital Privacy Article Analyzing Quon v. City of Ontario Published in ABA Journal

By Cameron G. Shilling (originally published 5/27/2011)

The American Bar Association has published in its Journal of Employment and Labor Relations Law an article I recently wrote analyzing the U.S. Supreme Court’s decision in Quon v. City of Ontario. The following is the opening passage from the District Court’s decision, and foreshadows the potential significance of this case with regard to data privacy issues.

Continue reading

Facebook Exonerated by Federal Court of EPCA and SCA Claims

By Cameron G. Shilling (originally published 5/20/2011)

A federal court has dismissed class action claims against Facebook under the Electronic Communications Privacy Act (ECPA) and Stored Communications Act (SCA).  The claims arose from Facebook’s practice in early 2010 of disclosing to advertisers the user names of Facebook users who clicked on advertisements, even though that practice was contrary to Facebook’s privacy policy.

The ECPA prohibits the interception of an electronic communication when it is in transit from sender to recipient.  The SCA prohibits the unauthorized access or disclosure of electronic communications stored on certain computer systems.

Continue reading

Disney Subsidiary Will Pay $3 Million for Violating Children’s Online Privacy

By Cameron G. Shilling (originally published 5/19/2011)

A Disney subsidiary, Playdom, Inc., has agreed to pay a $3 million penalty to settle a Federal Trade Commission (FTC) charge that it violated the FTC’s Children’s Online Privacy Protection Act (COPPA) Rule by collecting and disclosing personal information from hundreds of thousands of children under age 13 without their parents’ prior consent.

Continue reading