legal – Bredemarket

Why Do We Have Electronic Health Records?

I’ve discussed the electronic health record (EHR) before, and plan to do so again. But before I dive into EHRs and “the A word,” I want to take a look at WHY we have EHRs.

When dinosaurs roamed the earth

In the old days, even within the lifetimes of some of us, there were no ELECTRONIC health records. There were PAPER health records, stored in large file cabinets. If you were lucky, the health records were typed; heaven help you if they were in a doctor’s famously illegible handwriting.

When a relative’s doctor retired in the 20th century, the relative requested their health records and received a huge pile of paper dating back to who knows when. In that form, it was about as useful as the huge file cabinets in which the U.S. Federal Bureau of Investigation used to store its millions of fingerprint cards. And unfortunately, paper health records didn’t have the health equivalent of a “Henry system” to find individual records quickly.

The two purposes of an electronic health record

So now that we have electronic health records, why do we have them?

To make life easier for the doctor? Of course not.
To make life easier for the patient? Definitely not.

Electronic health records have evolved to serve two OTHER parties.

First, electronic health records serve the billers

I can’t speak to countries other than my own, but in the United States the health “system” is a mishmash of multiple parties. For example, when I had a colonoscopy a few years ago, the following entities were somehow involved:

The doctor who performed the colonoscopy.
The facility where the doctor performed the colonoscopy.
The anaesthesiologist who assisted with the colonoscopy.
My insurance company.
My former company (via COBRA) who provided me with the insurance.
And probably a half dozen other entities that I missed who somehow got a cut.

So this one procedure created one, or perhaps multiple, electronic health records (perhaps even with pictures) describing every chargeable thing that could be itemized during my time in the facility. All with the proper billing codes (Current Procedural Terminology or CPT codes) and the like, so that every entity can pay what they’re supposed to pay. And if a particular thing wasn’t covered by insurance, then I had to pay it.

The most important thing is to get the billing codes right…never mind how hard it is to ENTER all the billing codes.

But the good news is that when electronic health records systems integrate with medical billing systems, the process is kinda sorta streamlined:

“By integrating EHR and billing software, healthcare providers can automate various aspects of the billing workflow, resulting in increased efficiency, reduced manual work, and other tangible benefits.”

Second, electronic health records serve the lawyers and regulators

But it’s not only the billers who need information.

To practice medicine in the State of California, you have to perform a colonoscopy in accordance with medically approved procedures. And you have to document that you did so.

If I had died on the operating table during my colonoscopy, then a number of private and government entities would have a keen interest in what was performed during the colonoscopy. And the electronic health record would be one of the main sources of information about what happened, and perhaps what went wrong. And who was responsible. The doctor? The facility? The anaesthesiologist? Someone else?

But even when things don’t go spectacularly wrong, there are laws and regulations that mandate EHR use.

“The “EHR mandate” refers to the federal requirement for eligible healthcare providers to adopt and use certified EHR technology. Primarily affecting providers who accept Medicare, participation in MIPS and the Promoting Interoperability program requires CEHRT to avoid negative payment adjustments, which effectively necessitates EHR use.”

The result

So now the medical field has these wonderful EHRs that comply with billing requirements and legal requirements.

But are they easy to use? Forbes covered this.

“For instance, emergency medicine physicians at one health system must click 14 times to order Tylenol—that’s a lot. Yet, those at another health system using the same EHR must click 61 times!”

And that’s just for Tylenol. I’m sure it’s a lot worse for the camera that looked at my colon.

It could have been worse, because many Americans are not healthy.

“[O]ur patients have increasingly complex health needs. More than 40% of American adults have at least two chronic conditions, one-third take at least three medications, and one-fifth suffer from mental illness.”

Put these and other things together, and EHRs have become (as I said before) “a pain in a particular body part.”

So that’s the problem with EHRs. Later I’ll look at the solutions, including:

(Because I’m the biometric product marketing expert) tying an EHR to a person
The companies working on improving EHRs with you-know-what

Oklahoma Consumer Data Privacy Act…For Now

Yet another state has passed its own data privacy law, with the Oklahoma Consumer Data Privacy Act signed last month and taking effect in 2027. The key particulars:

“OKDPA grants consumers a set of rights…including rights of access, deletion, correction, and portability, and rights to opt-out of targeted advertising, sale, or profiling “in furtherance of a decision that produces a legal or similarly significant effect concerning the consumer.””

As for enforcement:

“Enforcement authority rests with the Oklahoma Attorney General.The bill includes a mandatory 30-day cure period, which does not sunset. The law imposes civil penalties of up to $7,500 per violation.”

As of now, between 19 and 22 states have privacy laws, depending upon how you count.

Some aren’t counting Florida because of its limited scope. It only applies to companies with over $1 billion in revenue.

Some aren’t counting Illinois because BIPA only applies to biometrics.

Some aren’t counting Oklahoma yet because it’s so new.

But we can agree that many states have privacy laws.

For now

And if some have their way, they will all disappear, to be replaced by a single uniform federal law. However, the level of preemption of state laws is an issue of discussion. The Future of Privacy Forum has addressed preemption here.

And if you need to write about privacy, biometric or otherwise, Bredemarket can help. Click below to book a free meeting with me.

Stop losing prospects! Use Bredemarket content for tech marketers

Content for tech marketers.

Here is a video about my services.

Bredemarket: Services, Process, and Pricing.

When is a Law Enforcement Camera a Law Enforcement Camera?

Many years ago I was driving on Holt Boulevard in Montclair, California, preparing to make a left turn on Central. I followed the vehicle behind me and made my left turn…only then noticing that the left turn light was now red.

As the registered owner of the vehicle I was driving, I received an email from the city of Montclair a few days later. Because this is when Montclair was using cameras for traffic enforcement.

Off to traffic school.

Montclair doesn’t use traffic cameras any more, but all sorts of cameras are owned by, or accessible to, law enforcement agencies.

But how should they be used?

404 Media reported that the Georgia State Patrol accesses Flock cameras, for the intended purpose of gathering information for serious crimes. But what happens when the camera captures something not serious?

“Georgia State Patrol used its system of Flock automated license plate reader (ALPR) surveillance cameras to issue a ticket to a motorcyclist who was allegedly looking at his cell phone while riding, according to a copy of the citation obtained by 404 Media….The incident happened December 26 in Coffee County, Georgia. The ticket lists the offense as ‘Holding/supporting wireless telecommunications device,’ and includes the note ‘CAPTURED ON FLOCK CAMERA 31 MM 1 HOLDING PHONE IN LEFT HAND.’”

The man went to court and the ticket was dropped, but 404 Media is still outraged that the ticket was issued in the first place. Not because of Georgia’s policies, but because of other policies.

“Many police departments go out of their way to tell community members that Flock cameras are not used for traffic enforcement. For example, the City of Glenwood Springs, Colorado, states in a FAQ that “GSPD [Glenwood Springs Police Department] does not use Flock cameras for traffic enforcement, parking enforcement, or minor code violations.” El Paso, Texas, tells residents “these are not traffic enforcement cameras. They do not issue tickets, do not monitor speed, and do not generate revenue. They are investigative tools used after crimes occur.” Lynwood, Washington tells residents “these cameras will not be used for traffic infractions, immigration enforcement, or monitoring First Amendment-protected expressive activity” (Flock cameras have now been used for all of these purposes, as we have reported.)”

You will recall that I addressed another Flock Safety case, in which a citizen made public records requests from two Washington state jurisdictions. The jurisdictions said that they didn’t have the data; Flock Safety did. Flock Safety said that it had deleted the data.

Basically, Flock Safety is controversial, and some people are going to oppose ANYTHING they do. Even when Flock Safety technology protects people from dangerous drivers.

My view is that if a camera is used by a law enforcement agency, and there is no law prohibiting the law enforcement agency from using a camera for a particular purpose, then the agency can use the camera. There appears to be no such law in Georgia, so I’m not bent out of shape over this.

What are your thoughts? Is this a privacy violation?

You CAN Modernize…But Should You?

In a huddle space in an office, a smiling robot named Bredebot places his robotic arms on a wildebeest and a wombat, encouraging them to collaborate on a product marketing initiative.

In the past, I have said:

“[T]he technology is easy. The business part is the difficult part.”

But Chris Burt of Biometric Update phrased it more succinctly:

“[P]olicy chases modernization”

As Burt notes, examples of policy chasing modernization include:

Digital sovereignty, a topic of discussion with everyone from ID4Africa to an organization called the World Ethical Data Foundation. (As an aside, a Bredemarket client and I were recently discussing the pros and cons of managing digital identities in the cloud vs. peer-to-peer synchronization.)

Cybersecurity and digital identity, a topic of discussion in government (the White House, NIST) and industry (Jordan Burris of Socure).

Other topics, including police facial recognition policy. (Hmm…I recall that both government and vendor biometric policies were the topic of a Biometric Update guest article last year.)

All of you recall Pandora’s Box. I’ve used the story multiple times, including when discussing my creation of Bredebot and its nearly-instantaneous hallucinations. Yes, I do have “policies” regarding this “modernization,” including full disclosure.

But are policies enough?

Data Labelers Gonna Label, and Class Action Lawyers Gonna Lawyer

On Wednesday, I described how Meta’s Kenyan data labelers ended up watching explicit videos from people who presumably didn’t know that smart glasses were recording their activity.

To no one’s surprise, class action lawyers are now involved.

“In the newly filed complaint, plaintiffs Gina Bartone of New Jersey and Mateo Canu of California, represented by the public interest-focused Clarkson Law Firm, allege that Meta violated privacy laws and engaged in false advertising.

“The complaint alleges that the Meta AI smart glasses are advertised using promises like “designed for privacy, controlled by you,” and “built for your privacy,” which might not lead customers to assume their glasses’ footage, including intimate moments, was being watched by overseas workers. The plaintiffs believed Meta’s marketing and said they saw no disclaimer or information that contradicted the advertised privacy protections.”

So what does Meta say?

Meta. From https://www.meta.com/ai-glasses/privacy/.

“Clear, easy device and app settings help you manage your information, giving you control over what content you choose to share with others, and when.”

Except that according to Clarkson, people can’t opt out of the data labeling process.

This could get very revealing.

“We Use AI.” And We Use YOUR (Non-copyrighted) AI.

A private social media comment got me thinking. I will gladly credit the author, with their permission.

“If a U.S. federal court says that you can’t copyright AI generated content, an appellate court upholds that ruling, and the SCOTUS refuses to hear the case, what are the implications for software generated by LLMs?”

Think about that the next time Company X publishes its marketing message “we use AI.”

What if Company X’s code and prompts were themselves written with AI?

Couldn’t Company Y take Company X’s non-copyrightable code and run it without penalty, like open source code?

Now Company X would be forced to prove that it does NOT use AI. For its code, anyway.

Fingerprint Evidence in Court

For…a long time I’ve been talking about whether fingerprint evidence is accepted in court. But until now I never had access to an easy-to-use database of court cases.

Mike Bowers shared a release from the Wilson Center for Science and Justice at Duke Law, “New Database Documents a Century of Court Decisions on Forensic Expert Evidence Testimony.”

The fingerprint database can be accessed here.

From the Fingerprint Expert Evidence database, https://forensic-case-databases.law.duke.edu/data/fingerprints/,

Here’s an example of the case details for the (current) most recent record:

Case

Commonwealth v. Honsch, 22 N.E.3d 287 (Mass. 2024)

Year

2024

Jurisdiction

Massachusetts

Type of Proceeding

Appellate

Other fields

CourtSupreme Judicial Court of Massachusetts, Hampden

Expert Evidence Ruling Reversing or Affirming on AppealAdmitted

RulingCorrect to admit

Type of EvidenceFingerprint

Defense or Prosecution ExpertProsecution

Summary of Reasons for Ruling

The Commonwealth here presented two latent print analysts as experts. One multiple times that it was his “scientific opinion” that there were three latent prints that were “identified to” the palms of the defendant. The term “scientific” to describe his opinion “arguably verged on suggesting that the ACE-V process is more scientific than warranted,” and there was one instance in which Dolan testified without using the term “opinion.” The court concludes that there was no error because, “viewed as a whole,” his testimony was largely expressed in terms of an “opinion” and his testimony did not claim that the ACE-V process was infallible or absolutely certain.

On the other hand, Pivovar testified that she (i) “identified [a palm print from one of the garbage bags and the print of the defendant’s left palm] as originating from the same source”; (ii) “identif[ied] [another latent print] and the right palm print of [the defendant] as being the same, they originated from the same source”; and (iii) “identif[ied] the [third latent print] as originating from the same source as the right palm of [the defendant] that [she] compared it to.” Pivovar did not frame her testimony in terms of an “opinion” and expressed the identification of the defendant with certainty. This was error. However, the court concluded that Pivovar’s testimony did not likely influence the jury’s conclusion. Defense counsel countered the notion that individualization under the ACE-V methodology is infallible by cross-examining Pivovar on the subjectivity of latent print analysis, the fact that two prints are never identical, and a recent incident in which the Federal Bureau of Investigation erroneously identified a suspect based on an incorrect latent print analysis. The defendant also presented an expert detailing the risks of cognitive bias in latent print analysis. Additionally, the Commonwealth’s other latent print examiner, Dolan, testified as to the same findings as Pivovar. If Pivovar’s testimony had been properly framed as an opinion, there still would have been strong evidence that the prints found at Elizabeth’s crime scene originated from the defendant. Thus, even though we determine that Pivovar’s testimony was erroneously presented as fact, the error did not create a substantial likelihood of a miscarriage of justice.

Admissibility StandardLanigan-Daubert

Lower Court HearingN

Discussion of 2009 NAS ReportY

Discussion of Error Rates or ReliabilityN

Frye RulingN

Limiting Testimony RulingN

Language Imposed by Court to Limit TestimonyN

Ruling Based in Prior PrecedentY

Daubert FactorsN

Ruling on Qualifications of ExpertN

Ruling on 702(a)N

Ruling on 702(b)N

Ruling on 702(c)N

Ruling on 702(d)N

Notes—

Good resource to keep in mind.

Digital Identity: Endorsed, Or Bestowed?

Joel R. McConvey’s recent article in Biometric Update made my head spin.

“Utah’s state legislature has voted unanimously to pass SB 275, the State-Endorsed Digital Identity Program Amendments bill. The law makes Utah unique among states, in that it defines identity as something that is inherent to a person and endorsed by the state rather than bestowed by the state.

“The distinction has implications for discussions about data sovereignty – who gets to control a person’s personal information – as well as for other states pursuing digital identity programs.”

Endorsed? Bestowed? What’s up? An earlier McConvey article quotes from Utah’s Chief Privacy Officer Christopher Bramwell:

“Part of Utah’s history,” Bramwell says – “why we care so much about privacy, and this does translate directly to digital identity – is when pioneers came to Utah, it was literally for autonomy, and it was to be left alone to live their life according to the dictates of their heart. That’s why many people came to America, whether as pilgrims or pioneers or immigrants: because you want something better and you want to do it according to your conscience.”

For those whose history is rusty, Bramwell is referring to the migration of the Mormons out west. As he points out, the Mormons are not the only ones in U.S. history who came to a new land to enjoy freedom from the perceived oppressive state. The original inhabitants of Massachusetts, Rhode Island, Maryland, and Pennsylvania also fall within this tradition.

Bramwell continues:

““And that’s a lot of what we’re talking about with digital ID. You need to engage in the free market, but do it according to your choice without being tracked, without being surveilled, without undue influence on how you’re operating. So you can live your life in the digital realm according to the dictates of your heart and how you and your family see fit.”

“Our approach is to separate identity from any privileges or licenses that are given by government. Identity should be separate, so that it is not something that there’s any reason to ever take away.”

But this is not just a religious issue, as the American Civil Liberties Union points out.

“The philosophical underpinning of the state’s SEDI concept is that “identity” is not something bestowed by the state, but that inherently belongs to the individual; the state merely “endorses” a person’s ID.”

Of the six major underpinnings of SEDI, the third is of interest here:

“Individual control,” in which the state throws its weight behind a movement known as “user-centric” or “self-sovereign” identity, that strives to ensure that government identification systems are used to empower individuals, not to control them.

So what does self-sovereign, endorsed identity mean from a legal standpoint? Let’s look at the opening section of the most recent bill, Utah’s SB 275:

63A-20-101. Digital identity bill of rights.

The following rights constitute the digital identity bill of rights in this state:

(1)An individual possesses an individual identity innate to the individual’s existence and independent of the state, which identity is fundamental and inalienable.

(2)An individual has a right to the management and control of the individual’s digital identity to protect individual privacy.

(3)An individual has a right to choose, receive, and use a physical form of identity assertion that is endorsed by the state.

(4)An individual has a right to not be compelled by the state to possess, use, or rely upon a digital form of identity assertion in place of a physical form of identity assertion that is endorsed by the state.

(5)An individual has a right to state endorsement of the individual’s digital identity upon meeting objective, uniform standards for eligibility and verification established by law, and a right to not have such endorsement arbitrarily or discriminatorily withheld or revoked.

(6)An individual has a right to have the state’s operation of digital identity systems governed by clear standards established by the Legislature, including for eligibility, issuance, endorsement, acceptance, revocation, or interoperability of digital identityassertions.

(7)An individual has a right to transparency in the design and operation of a state digital identity, including the right to access, read, and review the standards and technical specifications upon which the state digital identity is built and operates.

(8)An individual has the right to choose what identity attributes are disclosed by the individual’s state digital identity in accordance with standards established by theLegislature.

(9)An individual has the right to any service or benefit to which the individual is otherwise lawfully entitled based on the individual’s choice of a lawful format or means of identity assertion without denial, diminishment, or condition.

(10)An individual has a right to be free from surveillance, profiling, tracking, or persistent monitoring of the individual’s assertions of digital identity by the state, except as authorized by law.

(11)An individual has a right to not be required by the state to surrender the individual’s device in order to present the individual’s digital identity.

Of course, once you leave the state of Utah and reside in another state, that state will BESTOW an identity upon you.

And while this controls what the state of Utah can do, it does not apply to a FEDERAL digital identity, such as a future digital U.S. passport.

If the City Fails, Try the County (Milwaukee and Biometrica)

The facial recognition brouhaha in southeastern Wisconsin has taken an interesting turn.

According to Urban Milwaukee, the Milwaukee County Sheriff’s Office is pursuing an agreement with Biometrica for facial recognition services.

The, um, benefit? No cost to the county.

“However, the contract would not need to be approved by the Milwaukee County Board of Supervisors, because there would be no cost to the county associated with the contract. Biometrica offers its services to law enforcement agencies in exchange for millions of mugshots.”

Sound familiar? Chris Burt thinks so.

“Milwaukee Police Department has also attempted to contract Biometrica’s services, prompting pushback, at least some of which reflected confusion about how the system works….

“The mooted agreement between Biometrica and MPD would have added 2.5 million images to the database.

“In theory, if MCSO signs a contract with Biometrica, it could perform facial recognition searches at the request of MPD.”

See Bredemarket’s previous posts on the city efforts that are now on hold.

And counties also.

No guarantee that the County will approve what the City didn’t. And considering the bad press from the City’s efforts, including using software BEFORE adopting a policy on its use, it’s going to be an uphill struggle.

CCAASS(tm)

“Commercials, Concerts, And a Sports Show”(tm) is a trademark of Bredemarket. CCAASS may be freely used by any entity to refer to the sporting event taking place in Santa Clara, California on Sunday, February 8, 2026. This saves you from having to refer to The Big Game or The Bowl That Will Not Be Named. See FindLaw for the legalities: https://www.findlaw.com/legalblogs/small-business/legal-to-use-super-bowl-in-ads-for-your-biz/

So for those of us not on Kalshi or other futures or betting markets, who will win the CCAASS? (The sporting part, not the commercial competition.)

As a Commanders fan, I have no wildebeest in the hunt.

Bredemarket has no current clients in the states of Massachusetts or Washington.

There are former IDEMIA employees in both states.

Ex Incode employee (and ex employee of a former Bredemarket client) Gene Volfe lives in an NFC West city, but the team in that city is a bitter rival of the Seahawks.

With no clear preference, I lean toward the NFC rather than the AFC in the CCAASS.

Go Saltwater Birds!