The following document is from the PRIVACY Forum Archive at Vortex Technology, Woodland Hills, California, U.S.A. For direct web access to the PRIVACY Forum and PRIVACY Forum Radio, including detailed information, archives, keyword searching, and related facilities, please visit the PRIVACY Forum via the web URL: http://www.vortex.com ----------------------------------------------------------------------- PRIVACY Forum Digest Tuesday, 4 May 1999 Volume 08 : Issue 07 Moderated by Lauren Weinstein (lauren@vortex.com) Vortex Technology, Woodland Hills, CA, U.S.A. http://www.vortex.com ===== PRIVACY FORUM ===== ------------------------------------------------------------------- The PRIVACY Forum is supported in part by the ACM (Association for Computing Machinery) Committee on Computers and Public Policy, Cable & Wireless USA, Cisco Systems, Inc., and Telos Systems. - - - These organizations do not operate or control the PRIVACY Forum in any manner, and their support does not imply agreement on their part with nor responsibility for any materials posted on or related to the PRIVACY Forum. ------------------------------------------------------------------- CONTENTS "The Vortex Daily Reality Report and Unreality Trivia Quiz" (Lauren Weinstein; PRIVACY Forum Moderator) Re: Health Care Financing Administration Database (John Bacon-Shone) Re: Privacy and "Dr. Death" (John Deters) Euthanasia / Kevorkian (James Cayz) Activism Without Principles is Futile (Dick Mills) US, Euro Consumer Groups Call for Privacy Convention (Roger Clarke) Mailing lists (Henry Keultjes) Carrying a Laptop into the UK - Rights to Search (Chris D'Arcy) S.782: Patients' Telephone Privacy Act of 1999 (Peter Marshall) *** Please include a RELEVANT "Subject:" line on all submissions! *** *** Submissions without them may be ignored! *** ----------------------------------------------------------------------------- The Internet PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged. All submissions should be addressed to "privacy@vortex.com" and must have RELEVANT "Subject:" lines; submissions without appropriate and relevant "Subject:" lines may be ignored. Excessive "signatures" on submissions are subject to editing. Subscriptions are via an automatic list server system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@vortex.com". Mailing list problems should be reported to "list-maint@vortex.com". All messages included in this digest represent the views of their individual authors and all messages submitted must be appropriate to be distributable without limitations. The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "ftp.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the list server system. Please follow the instructions above for getting the list server "help" information, which includes details regarding the "index" and "get" list server commands, which are used to access the PRIVACY Forum archive. All PRIVACY Forum materials are available through the Internet Gopher system via a gopher server on site "gopher.vortex.com". Access to PRIVACY Forum materials is also available through the Internet World Wide Web (WWW) via the Vortex Technology WWW server at the URL: "http://www.vortex.com"; full keyword searching of all PRIVACY Forum files is available via WWW access. ----------------------------------------------------------------------------- VOLUME 08, ISSUE 07 Quote for the day: "Anyone who's always right makes me sick." -- Randall (David Rappaport) "Time Bandits" (Handmade Films; 1981) ---------------------------------------------------------------------- Date: Mon, 3 May 99 21:56 PDT From: lauren@vortex.com (Lauren Weinstein; PRIVACY Forum Moderator) Subject: "The Vortex Daily Reality Report and Unreality Trivia Quiz" Greetings. As you might expect, I get a lot of e-mail, tending to run the gamut in a variety of ways... One frequent class of received messages is requests for comments or advice on matters concerning not only privacy but also a variety of related (and sometimes unrelated) fields. Since there tends to be considerable overlap between many such requests, suggesting common points of interest, I've now launched the audio program with the long name: "The Vortex Daily Reality Report and Unreality Trivia Quiz" It's available via RealAudio over the net, and is updated each day from Monday through Friday. Essentially, it's a daily brief blast of (my) opinionated commentary, focusing on exposing the fallacies of muddy thinking, crazy ideas, misguided concepts, and other related areas that seem to be sending the signal/noise ratio of our society down the drain. As you can imagine, privacy issues are included, but are but one of the topic areas covered. These short (just a minute or two) audio reports tend to be more opinionated than my National Public Radio commentaries, and cover a much wider range of subjects. Each of these short audio reports also includes an "Unreality Trivia Quiz" question (and the answer to the previous program's question). What's an "unreality" question? Try it and see... These daily features can be heard via a link at the main PRIVACY Forum page: http://www.vortex.com/privacy or can be played directly via the RealAudio file URL: http://www.vortex.com/reality.ram Please feel free to forward this announcement, or link to the associated program URLs, as you feel appropriate. Comments, opinions, and ideas for segments are always welcome, of course! Thanks very much. --Lauren-- Lauren Weinstein Moderator, PRIVACY Forum http://www.vortex.com ------------------------------ Date: Mon, 19 Apr 1999 07:24:21 +0800 From: John Bacon-Shone Subject: Re: Health Care Financing Administration Database "Dennis S. Davies, P.T." said: ... The most recent intrusion however, is an intrusion into the lives of the clients of federal and state chartered home health agencies. HCFA (the Health Care Financing Administration--the administrator of Medicare--pronounced "hecfa") now requires that a 17 page questionnaire be filled out on all clients of home health agencies... As an applied statistician, I believe I can see very well the need for creating the database, but as a privacy advocate, I also believe that the database is being handled in a manner that yields unnecessarily high privacy risk. Clearly, encryption could be used to ensure that the database cannot be easily linked back to an identifiable person. In fact, this is another good illustration of why rubbishing of the EU directive by US privacy "experts" is so wrong. Under Hong Kong's data protection law, which implements the directive in a manner that does not bring ethical business to a stop, this database could only be implemented with full informed consent (of the guardian where appropriate), no penalty for declining to participate, and would also require that the privacy commissioner be convinced that the privacy risks have been minimised. Regards John Dr John Bacon-Shone, Director, Social Sciences Research Centre, The University of Hong Kong, Pokfulam Road, Hong Kong Tel: 852-28592412 Fax: 852-28584327 E-mail: mailto:johnbs@hku.hk Web http://www.ssrc.hku.hk ------------------------------ Date: Mon, 19 Apr 1999 14:37:28 -0500 From: John Deters Subject: Re: Privacy and "Dr. Death" First, I'd like to state my position on euthanasia: I support a person's right to make their own choices in life and in death. I do not, however, go out and march on behalf of this cause, nor will I place a "Free Jack" bumper sticker on my vehicle. I believe it's a private decision to be made privately by a person, and personally I think it should be done only with the full support of family. That said, I also think anyone who wishes to terminate their life is in need of professional counseling. Euthanasia should be considered as one of the options available at that time. Does Dr. Kervorkian deserve his fate? Perhaps not on second degree murder charges, but certainly he should be sued for malpractice. I think Dr. Kervorkian's methods were abnormal, and that they represented a violation of the patient/physician relationship. These people sought Dr. Kervorkian out looking for assistance with suicide. The fact that they were turning to a professional for assistance implies that they were indeed open to the idea of "legitimate" assistance. If euthanasia were officially practiced in this country, I believe they would have sought out euthanasia the same way they sought out other medical services. But Dr. Kervorkian performed his procedures without physician referrals (of necessity), without studying patient backgrounds and with only cursory counseling. If you were a heart surgeon, would you perform a coronary bypass on a patient who walked in your door that morning saying, "Doc, I need a bypass?" Of course not. You'd want a referral from a licensed doctor, and you'd examine the patient yourself. You would examine X-rays, you would run EKGs and have laboratories perform blood tests, and you would counsel the patient to get a second opinion. You'd schedule the surgery with a hospital, and you would proceed knowing an entire board of review would examine your surgery if the patient should happen to die. Dr. Kervorkian didn't receive referrals from psychiatrists, psychologists or clinicians. He received people who knew of his reputation and found him in the phone book. He would offer perhaps one hour of "counseling" or questioning, and then he would perform a procedure that we would consider at least as major as open heart surgery, if not as complex. His only board of review was the coroner's certificate proving only that his patient did indeed die. I have also heard that in at least one case, (not the televised case for which he was convicted,) he helped end the life of a patient who was suffering only from depression, which is considered a treatable illness. I believe that ultimately euthanasia will require as much examination of the patient as open heart surgery. The examination and decision processes need to be much more refined in order for euthanasia to be accepted in this country. Dr. Kervorkian assumed for himself the role of hangin' judge, jury, and executioner. As patients with life-threatening problems seeking medical assistance, we need to demand better treatment than that. John Deters jad@pclink.com ------------------------------ Date: Mon, 26 Apr 1999 09:55:21 -0400 (EDT) From: James Cayz Subject: Euthanasia / Kevorkian. I find that today's society has the greatest case of "societal selfishness" with regards to euthanasia. We can allow perfectly good food to be thrown out and pets to be put asleep simply because they are unwanted. But if a person, who is in great long term pain or suffering, wants to save himself some time, and his family a lot of expense, and everyone a lot more pain & suffering, this isn't allowed???? Where did *someone* draw the line here? It certainly wasn't at the "pain" level - many pets are not in pain when put to sleep. It couldn't be at a "societal worth" level - a person with long term / terminal disease, requiring constant medical attention, and unable to work, is not contributing to the overall societal health. What is left is a quasi-spiritual notion that Man is Master of everything else, including the Earth and all its animals, and that although we can pretty much do as we see fit with everything else, every HUMAN life is sacred, even if that particular person doesn't agree. Except for War. And Crime. And preventable disease. And Hunger. So, we spend our time & money prosecuting people who only want to "make it end". And not enough time & money on trying to solve bigger issues like War, Crime, Disease, and Hunger. Makes you feel Honored to be a Human, eh? James ------------------------------ Date: Mon, 19 Apr 1999 20:55:04 -0400 From: Dick Mills Subject: Activism Without Principles is Futile As I read the most recent issue, PRIVACY Forum Digest Volume 08 : Issue 06, I was struck by the repetitive nature of the privacy gripes. They follow a common theme. We have a laudable motive for intrusion that must be "balanced" with a privacy interest. Because there can never be unanimity about laudability, balances are always compromises. I'm sick and tired of balancing my privacy. Thousands of times per year we balance away some tiny bit of it. After a long time, big mountains are eroded to molehills, one grain of sand at a time. If our approach to protecting privacy is to strike balance after balance, the end result is inevitable. We loose. In the USA, our primary claim to a legal right to privacy comes from Warren and Brandeis' famous 1890 essay. But their concept of "reasonable expectation of privacy" is deficient. What is reasonable to expect today is less than it was in 1890, and it will be still less tomorrow and the day after that. Reasonable expectation is a slippery and increasingly steep slope. The slide down is a one way trip. Every time one of us says, "Because of your laudable motives, I approve of your intrusion of someone else's privacy," we lower the bar of reasonable expectation another notch. Laudable motives are seldom considered justification to encroach upon the rights of speech or religion. We consider those rights absolute, not relative. We try to hold them inviolate. Are there no inviolate principles of privacy? If privacy activism is worthwhile, then we must foresee the point where the general erosion of privacy will bottom out and perhaps rebound. If that's not reasonably foreseeable, what's the point? -- Dick Mills http://www.albany.net/~dmills ------------------------------ Date: Wed, 28 Apr 1999 09:18:17 +1000 From: Roger Clarke Subject: US, Euro Consumer Groups Call for Privacy Convention Forwarded to me by Marc Rotenberg: PRESS RELEASE Wednesday, April 28 1999 US and European Consumer Groups Call for Privacy Convention TACD Rejects "Safe Harbor" Proposal Brussels - The TransAtlantic Consumer Dialogue (TACD), a coalition of sixty leading consumer organizations from the United States and Europe, issued a resolution this week opposing the adoption of a "Safe Harbor" proposal and recommended instead the establishment of an International Convention on Privacy Protection to address growing public concern about the absence of effective privacy protection in transborder data flows. The TACD said that the Safe Harbor proposal under consideration by the governments of the United States and the European Union fails to provide adequate privacy protection for consumers. Jim Murray, Director of the European Consumers' Organization (BEUC) based in Brussels, said that consumers are entitled to legal redress for the protection of personal privacy. "We do not feel that the Safe Harbor proposal provides adequate enforcement to safeguard the interests of European citizens. We are also not pleased about the elaborate procedures that consumers will be required to follow to pursue privacy violators." The TACD specifically called on the European Commission and the Ministers of the European Council to reject the Safe Harbor proposal, saying that the proposal would "undermine the purpose of the EU Data Directive and compromise the privacy interests of European citizens." Among the objections to the proposal, the TACD further said that the proposal lacks an effective means of enforcement and redress for privacy violations. The consumer coalition also said that the proposal fails to ensure that individual consumers will be able to access personal information obtained by businesses. Marc Rotenberg, executive director of the Electronic Privacy Information Center in Washington, DC said that the TACD resolution underscored the need for greater public participation in the development of international privacy policies. "We are simply past the day when the government and the industry can propose sweeping polices that affect the privacy interests of consumers without taking the time to seek substantial public input." The resolution on Safe Harbor was one of several resolutions issued by the TACD during the two-day meeting in Brussels. The consumer organizations also addressed food safety and standards, electronic commerce, trade and other issues. LINKS Trans Atlantic Consumer Dialogue http://www.tacd.org/ TACD Resolution on Safe Harbor Proposal and International Convention on Privacy Protection http://www.tacd.org/meeting1/electronic.html#safe Safe Harbor Proposal, US Department of Commerce http://www.ita.doc.gov/media/ European Consumers' Organization (BEUC) http://www.beuc.org/ Jim Murray, BEUC, tel: +32 2 743 1590 Electronic Privacy Information Center http://www.epic.org/ Marc Rotenberg, EPIC, tel +1 202 544 9240 RESOLUTION Resolution on the "Safe Harbor" Proposal and International Convention on Privacy Protection Adopted by the Trans Atlantic Consumer Dialogue (TACD) Brussels, Belgium April 1999 RESOLVED The Safe Harbor proposal now under consideration by the United States and the European Union fails to provide adequate privacy protection for consumers in the United States and Europe. It lacks an effective means of enforcement and redress for privacy violations. It places unreasonable burdens on consumers and unfairly requires European citizens to sacrifice their legal right to pursue privacy complaints through their national authorities. The proposal also fails to ensure that individual consumers will be able to access personal information obtained by businesses. Therefore, 1. The TACD urges the European Commission and the Ministers of the European Council to reject the Safe Harbor proposal. The proposal will undermine the purpose of the EU Data Directive and compromise the privacy interests of European citizens. 2. The TACD recommends the development and adoption of an International Convention on Privacy Protection that will help safeguard the privacy interests of consumers and citizens in the twenty-first century. 3. The TACD further urges national governments to ensure that consumer organizations are given a more central role in the future development of international privacy policies and practices that affect consumer interests. ------- Roger Clarke http://www.anu.edu.au/people/Roger.Clarke/ Xamax Consultancy Pty Ltd, 78 Sidaway St, Chapman ACT 2611 AUSTRALIA Tel: +61 2 6288 1472, and 6288 6916 mailto:Roger.Clarke@xamax.com.au http://www.xamax.com.au/ Visiting Fellow Department of Computer Science The Australian National University Canberra ACT 0200 AUSTRALIA Information Sciences Building Room 211 Tel: +61 2 6249 3666 ------------------------------ Date: Fri, 30 Apr 1999 06:36:45 -0400 From: Henry Keultjes Subject: Mailing lists While the mailing list industry likes to talk about their "clean" lists, it is still a very backward industry that does not want to get "with the program" because they get paid by the thousand names. In this electronic age, where a mailing list for a magazine can be transmitted from one place in the world to another in minutes, those folks still print labels on rolls weeks and sometimes months ahead of the actual printing. If one calls to be removed from a list, as I frequently do, the typical answer is "you will still be receiving three or four of these because the labels have been printed already". Efforts to get off mailing lists are only moderately successful because the companies that mail the stuff and the companies that sell the lists have diverse interests. Therefore if I receive a mailing from OfficeMax and I ask to be taken off their mailing list, the typical answer is that it was not their list and it was rented for a one time use and they don't know who the list was bought from. Simple solution: Require that for rented mailing lists only the email address of the list owner appear at the top of the label, the location where such info customarily is listed. Therefore I don't have to waste my time to contact a company that has no control over that particular situation. The email address will always be the list owner because if it is not a rented list it will be the email address of the solaced house list. I mentioned diverse interests between mailing list companies and the companies that rent these lists. I am sure that mailing list companies initially will hate this idea. However, the companies that rent these list would greatly benefit from it because soon the lists they rent would be much cleaner and be much better targeted to those that are actually interested in opening these mailings and the list rental companies will eventually see the benefit of selling cleaner lists. I would like to see this idea get posted and, if it has merit in the eyes of the beholder, let them contact the companies that they trust their names to and suggest this solution. Henry Keultjes Microdyne Company POB 1056 Mansfield OH 44901-1056 email keultjes@sprintmail.com Voice 419-525-1111 Fax 525-1883 ------------------------------ Date: Fri, 30 Apr 1999 14:10 +0100 (BST) From: cdarcy@cix.co.uk (Chris D'Arcy) Subject: Carrying a Laptop into the UK - Rights to Search In the June edition of Personal Computer World, under the headline "Travelers face filth check" there is an article about speculation (i.e. the company MD says he "has reason to believe") that UK Customs and Excise will start to use forensic software from Vogon International (www.authentec.co.uk) to scan travelers' laptops for child pornography. If this were to be true, it strikes me that it is an incredible infringement of a travelers rights. Customs should have the right to search property upon entry into the UK where they have reasonable grounds to believe there is a problem. But this development would allow the wholesale stop and search of anyone traveling with a laptop. If material were to be found, what rights would there be for a traveler who was using a laptop from a pool, or carrying one on behalf of a colleague? What is also not clear is if this technology would raise the alarm if it found something it couldn't read (for example, someone's encrypted e-mail) - would it assume it was dubious leading to delays and embarrassment for the traveler? And what would be the position if something out of the ordinary was detected, what guarantees would there be that the software would not false alarm? On the whole, it sounds like a very sinister twist. Chris D'Arcy, UK [ This topic has been discussed previously here in the PRIVACY Forum Digest, but is certainly worthy of another note. -- PRIVACY Forum Moderator ] ------------------------------ Date: Sun, 2 May 1999 15:01:48 -0700 From: Peter Marshall Subject: S. 782: Patients' Telephone Privacy Act of 1999 S.782 SPONSOR: Sen Feinstein, Dianne (introduced 04/13/99) Patients' Telephone Privacy Act of 1999 A bill to amend title 18, United States Code, to modify the exception to the prohibition on the interception of wire, oral, or electronic communications to require a health insurance issuer, health plan, or health care provider obtain an enrollee's or patient's consent to their interception, and for other purposes. Apr 13, 99: Read twice and referred to the Committee on Judiciary. Mrs. FEINSTEIN. Mr. President, today I introduce a bill to protect the medical privacy rights of patients when they talk to their health care insurers or providers. The bill requires health care insurers and providers to obtain patients' `express consent' before tape-recording or monitoring conversations. Today, the health insurance industry routinely tape-records and monitors incoming telephone calls of patients with questions about their health insurance coverage. This bill halts that common practice with two simple rules. First, health insurance companies and health care providers must obtain the patient's `express consent' before tape-recording or monitoring a conversation. Second, health insurance companies and health care providers must give patients the option not to be tape-recorded or monitored. The bill puts control of medical privacy back where it belongs--in the hands of patients who have no choice but to share personal information with their health insurance and health care providers. The bill protects all patients-- Whether covered by private or public health plans, Whether covered by group, individual, or self-insured health plans, Whether covered by Medicare or Medicaid, Whether covered by Federal health plans, or Whether covered by the Children's Health Insurance Plan. Let me emphasize again who would be subject to the bill--the health insurance and health care industry--a huge industry that necessarily affects all of us. First, the bill would cover communications between patients and health insurers. Second, the bill would cover communications between patients and `health care providers,' which includes physicians and other health care professionals. Federal law now requires that only one party must consent to the tape-recording or monitoring of a telephone conversation. In California, state law provides that all parties must consent before a telephone conversation may be tape-recorded. Nearly a dozen other states have adopted similar two-party consent laws. They include Delaware, Florida, Illinois, Kansas, Maryland, Massachusetts, Michigan, Montana, New Hampshire, Pennsylvania, and Washington. Even two-party consent laws, however, do not adequately address this problem. Health insurance companies tape-record or monitor patients' calls based on the patient's implied consent. Implied consent arises from the patient talking after hearing the health insurer's recording that the call may be tape-recorded or monitored. In this case, courts have held that consent is given implicitly. Consequently, merely changing federal law to a two-party consent rule would not solve the problem. The key requirement must be that the health insurer or health care provider obtains the patient's express consent. Only this change will protect individuals when they call their health insurance provider with questions about their health care coverage. When my office contacted the top 100 health insurance providers in this country, we learned from nearly all who responded that they routinely monitor or tape-record calls received from patients. Let me share with my colleagues some responses that we received. Kaiser Permanente operates in nineteen states and the District of Columbia, and provides care to more than nine million members. Their practice varies from state to state, depending on applicable state laws. Kaiser Permanente may: Monitor randomly selected calls, in which case it may, or may not, notify patients in advance; or tape-record all or randomly selected calls, in which case it may, or may not, notify patients in advance. United HealthCare wrote to me that they did not believe that tape-recording or monitoring calls even presents a privacy issue. Their rationale was that they only randomly tape-record calls and only after advising the caller that they may record the call. Great-West responded that a patient has the option of communicating in writing if the patient does not want a telephone call to be tape-recorded. Let me say simply--that is not good enough for me. Imagine the undue burden the task of writing a letter may place on elderly or seriously ill patients. Despite the two-party consent rule in California, New York Life Care Health Plans, Inc., asserted that no violation of California law occurs without a `confidential communication.' Under California state law, the definition of a `confidential communication' does not include communications where the parties may expect that the call may be recorded. New York Life asserted that, since they told patients that their calls could be monitored, their calls were not confidential calls. New York Life's display of legal bootstrapping shows little, if any, regard for medical privacy rights. Their interpretation of the word `confidential' turns its commonly understood meaning on its head! In the minds of most people, what could be more confidential than matters about one's personal health problems? Surely little, if anything. How many of my colleagues in the Senate would say that communications about their health problems with health insurance or health care providers are not confidential? Blue Cross Blue Shield of the National Capital Area does not give patients any notice that their calls may be monitored. Their Associate General Counsel responded that, in both Maryland and the District of Columbia, telephone communications in the normal course of business do not meet the definition of an `interception.' Thus, consent is not required. Although Virginia law considers a telephone to be an `intercepting device,' Virginia follows the one-party consent rule. Finger Lakes Blue Cross Blue Shield randomly tape-records calls from patients and only now is setting up a front-end recording to inform patients of that practice. New York requires only one party to consent. None of the health insurance providers who responded to my office gave me a valid reason for tape-recording or monitoring patients' calls. The standard response from health insurers was that they tape-record or monitor patients' calls for so-called `quality control,' an ambiguous term at best. Indeed, no one explained what that term means, how tape-recording calls benefits patients, or why tape-recording calls was necessary. Of course, health insurance providers are not the only business entities that tape-record telephone conversations. How many of us realize that when we call for airline tickets, bank account information, mutual fund transfers, or any myriad of other daily concerns, the other party on the telephone line will be tape-recording the conversation? Yet, personal health information is far more personal in nature and, accordingly, entitled to greater protection. It stands alone as uniquely different from other commercial transactions. This bill does not attempt to change the consent rule for other business entities. It would apply only to health insurance and health care providers. Most patients today have almost no choice about their health insurer provider or, increasingly, about their health care provider. In turn, the health insurer may give the patient no option except to submit to tape-recording the conversation. An elderly, or seriously ill patient, is simply not going to object. Admittedly, much disclosure of medical information occurs both with patient consent and for valid medical reasons. For instance, insurance companies receive information from physicians based upon a written consent form signed by the patient at the physician's request. Yet, increasingly, threats to medical health privacy have become less visible and, in that sense, more alarming. Many individuals are left with a false sense of privacy. The potential for misuse of personal health information is real and growing. A fundamental right to medical privacy is embedded in American society. Most Americans presume that telephone conversations about their health problems are confidential. Sadly, they are wrong. Conversations with our health insurance and health care providers often contain deeply personal information, including prescription drugs, psychiatric care, alcohol dependency--the list goes on and on. Surely they deserve protection. Traditionally, Americans have relied upon a confidential relationship with their doctors. Let's restore at least some measure of protection to telephone conversations about our personal health problems. This bill allows health insurance and health care providers to continue their routine practice of tape-recording or monitoring patients' calls--but only with the patient's express consent. ------------------------------ End of PRIVACY Forum Digest 08.07 ************************