The evolving maintenance of certification process: update on the financial status of the medical boards

Medical board organizations have accumulated large asset balances, in part due to the monetization of physician board recertification, as well as capital gains in positive investment conditions. Physicians across the country have raised concerns regarding the effectiveness and efficiency of existing recertification processes, to which the American Board of Medical Specialties and independent accreditation boards have responded with newly instituted changes. The present article analyzes the publicly available F990 tax forms of the medical boards in an effort to provide data to the ongoing debate. Although some boards have begun to mobilize assets in recent years, many continue to accumulate wealth. It remains to be seen whether the new recertification programs will bring about change or perpetuate organizational wealth

A medieval fallacy: the crystalline lens in the center of the eye.

ObjectiveTo determine whether, as most modern historians have written, ancient Greco-Roman authors believed the crystalline lens is positioned in the center of the eye.BackgroundHistorians have written that statements about cataract couching by Celsus, or perhaps Galen of Pergamon, suggested a centrally located lens. Celsus specifically wrote that a couching needle placed intermediate between the corneal limbus and the lateral canthus enters an empty space, presumed to represent the posterior chamber.MethodsAncient ophthalmic literature was analyzed to understand where these authors believed the crystalline lens was positioned. In order to estimate where Celsus proposed entering the eye during couching, we prospectively measured the distance from the temporal corneal limbus to the lateral canthus in 30 healthy adults.ResultsRufus of Ephesus and Galen wrote that the lens is anterior enough to contact the iris. Galen wrote that the lens equator joins other ocular structures at the corneoscleral junction. In 30 subjects, half the distance from the temporal corneal limbus to the lateral canthus was a mean of 4.5 mm (range: 3.3-5.3 mm). Descriptions of couching by Celsus and others are consistent with pars plana entry of the couching needle. Anterior angulation of the needle would permit contact of the needle with the lens.ConclusionAncient descriptions of anatomy and couching do not establish the microanatomic relationships of the ciliary region with any modern degree of accuracy. Nonetheless, ancient authors, such as Galen and Rufus, clearly understood that the lens is located anteriorly. There is little reason to believe that Celsus or other ancient authors held a variant understanding of the anatomy of a healthy eye. The notion of the central location of the lens seems to have arisen with Arabic authors in 9th century Mesopotamia, and lasted for over 7 centuries

The PII Problem: Privacy and a New Concept of Personally Identifiable Information

Personally identifiable information (PII) is one of the most central concepts in information privacy regulation. The scope of privacy laws typically turns on whether PII is involved. The basic assumption behind the applicable laws is that if PII is not involved, then there can be no privacy harm. At the same time, there is no uniform definition of PII in information privacy law. Moreover, computer science has shown that in many circumstances non-PII can be linked to individuals, and that de-identified data can be re-identified. PII and non-PII are thus not immutable categories, and there is a risk that information deemed non-PII at one time can be transformed into PII at a later juncture. Due to the malleable nature of what constitutes PII, some commentators have even suggested that PII be abandoned as the mechanism by which to define the boundaries of privacy law.In this Article, we argue that although the current approaches to PII are flawed, the concept of PII should not be abandoned. We develop a new approach called “PII 2.0,” which accounts for PII’s malleability. Based upon a standard rather than a rule, PII 2.0 utilizes a continuum of risk of identification. PII 2.0 regulates information that relates to either an “identified” or “identifiable” individual, and it establishes different requirements for each category. To illustrate this theory, we use the example of regulating behavioral marketing to adults and children. We show how existing approaches to PII impede the effective regulation of behavioral marketing, and how PII 2.0 would resolve these problems

An Overview of Privacy Law in 2022

Chapter 1 of PRIVACY LAW FUNDAMENTALS (6th edition, IAPP 2022) provides an overview of information privacy law circa 2022. The chapter summarizes the common themes in privacy laws and discusses the various types of laws (federal, constitutional, state, international). It contains a list and brief summary of the most significant U.S. federal privacy laws. The heart of the chapter is an historical timeline of major developments in the law of privacy and data security, including key cases, enactments of laws, major regulatory developments, influential publications, and other significant events. The chapter also contains a curated list of important treatises and scholarly works. PRIVACY LAW FUNDAMENTALS is a distilled guide to the essential elements of U.S. data privacy law. In an easily-digestible format, the book covers core concepts, key laws, and leading cases. The book summarizes the essential provisions of all of the major privacy statutes and regulations, including COPPA, ECPA, FCRA, FERPA, FISA, FTC Act, GLBA, HIPAA, TCPA, Privacy Act, VPPA, and more. The book includes summaries of foreign laws such as the EU\u27s GDPR, China\u27s PIPL, Canada\u27s PIPEDA, Brazil\u27s LGPD, and more. In addition, the book summarizes key state privacy laws and provides an overview of FTC and HHS enforcement actions. The authors provide numerous charts and tables summarizing the privacy statutes (i.e. statutes with private rights of action, preemption, and statutory damages, among other things)

The PII Problem: Privacy and a New Concept of Personally Identifiable Information

Personally identifiable information (PII) is one of the most central concepts in information privacy regulation. The scope of privacy laws typically turns on whether PII is involved. The basic assumption behind the applicable laws is that if PII is not involved, then there can be no privacy harm. At the same time, there is no uniform definition of PII in information privacy law. Moreover, computer science has shown that in many circumstances non-PII can be linked to individuals, and that de-identified data can be re-identified. PII and non-PII are thus not immutable categories, and there is a risk that information deemed non-PII at one time can be transformed into PII at a later juncture. Due to the malleable nature of what constitutes PII, some commentators have even suggested that PII be abandoned as the mechanism by which to define the boundaries of privacy law.In this Article, we argue that although the current approaches to PII are flawed, the concept of PII should not be abandoned. We develop a new approach called “PII 2.0,” which accounts for PII’s malleability. Based upon a standard rather than a rule, PII 2.0 utilizes a continuum of risk of identification. PII 2.0 regulates information that relates to either an “identified” or “identifiable” individual, and it establishes different requirements for each category. To illustrate this theory, we use the example of regulating behavioral marketing to adults and children. We show how existing approaches to PII impede the effective regulation of behavioral marketing, and how PII 2.0 would resolve these problems

Reconciling Personal Information in the United States and European Union

US and EU privacy law diverge greatly. At the foundational level, they diverge in their underlying philosophy: In the US, privacy law focuses on redressing consumer harm and balancing privacy with efficient commercial transactions. In the EU, privacy is hailed as a fundamental right that trumps other interests. Even at the threshold level - determining what information is covered by the regulation - the US and EU differ significantly. The existence of personal information - commonly referred to as “personally identifiable information” (PII) - is the trigger for when privacy laws apply. PII is defined quite differently in US and EU privacy law. The US approach involves multiple and inconsistent definitions of PII that are often quite narrow. The EU approach defines PII to encompass all information identifiable to a person, a definition that can be quite broad and vague. This divergence is so basic that it significantly impedes international data flow. A way to bridge the divergence remains elusive, and many commentators have generally viewed the differences between US and EU privacy law as impossible to reconcile. In this essay, we argue that there is a way to bridge these differences at least with PII. We contend that a tiered approach to the concept of PII (which we call “PII 2.0”) represents a superior way of defining PII than the current approaches in the US and EU. We also argue that PII 2.0 is consistent with the different underlying philosophies of the US and EU privacy law regimes. Under PII 2.0, all of the Fair Information Practices (FIPs) should apply when data refers to an identified person or where these is a significant risk of the data being identified. Only some of the FIPs should apply when data is merely identifiable, and no FIPs should apply when there is a minimal risk that the data is identifiable. We demonstrate how PII 2.0 advances the goals of both US and EU privacy law and is consistent with their different underlying philosophies. PII 2.0 thus begins the process of bridging the current gap between US and EU privacy law

An Overview of Privacy Law

Chapter 2 of PRIVACY LAW FUNDAMENTALS provides a brief overview of information privacy law – the scope and types of law. The chapter contains an historical timeline of major developments in the law of privacy and data security. PRIVACY LAW FUNDAMENTALS is a distilled guide to the essential elements of U.S. data privacy law. In an easily-digestible format, the book covers core concepts, key laws, and leading cases. Professors Daniel Solove and Paul Schwartz clearly and concisely distill all relevant information about privacy law into this short volume. PRIVACY LAW FUNDAMENTALS is designed to be like Strunk and White’s Elements of Style for the privacy field – the essential handy reference guide that cuts right to the heart of each topic. The book covers the key provisions of all of the major privacy statutes and regulations: COPPA, DPPA, ECPA, FCRA, FERPA, FISA, FTC Act, GLBA, HIPAA, Privacy Act, VPPA, and more. In addition, it summarizes key state privacy laws such as data security breach notification statutes and provides an overview of FTC enforcement actions. The authors provide numerous charts and tables summarizing the privacy statutes (i.e. statutes with private rights of action, preemption, and liquidated damages, among other things). Topics areas covered include: the media, domestic law enforcement, national security, government records, health and genetic data, financial information, consumer data, data security, education privacy, employment privacy, and international privacy law

An Overview of Privacy Law

Chapter 2 of PRIVACY LAW FUNDAMENTALS provides a brief overview of information privacy law – the scope and types of law. The chapter contains an historical timeline of major developments in the law of privacy and data security. PRIVACY LAW FUNDAMENTALS is a distilled guide to the essential elements of U.S. data privacy law. In an easily-digestible format, the book covers core concepts, key laws, and leading cases. Professors Daniel Solove and Paul Schwartz clearly and concisely distill all relevant information about privacy law into this short volume. PRIVACY LAW FUNDAMENTALS is designed to be like Strunk and White’s Elements of Style for the privacy field – the essential handy reference guide that cuts right to the heart of each topic. The book covers the key provisions of all of the major privacy statutes and regulations: COPPA, DPPA, ECPA, FCRA, FERPA, FISA, FTC Act, GLBA, HIPAA, Privacy Act, VPPA, and more. In addition, it summarizes key state privacy laws such as data security breach notification statutes and provides an overview of FTC enforcement actions. The authors provide numerous charts and tables summarizing the privacy statutes (i.e. statutes with private rights of action, preemption, and liquidated damages, among other things). Topics areas covered include: the media, domestic law enforcement, national security, government records, health and genetic data, financial information, consumer data, data security, education privacy, employment privacy, and international privacy law