Information Security in Virtual Space? You've got to be joking. Use the pigeon. It's safer.

That tale is a tacit admission that information security guarantees are an impossible dream.

Re ...Oes-Day Ig-Pay Atin-Lay Cryption-Enlay Ount-Cay?

If used in a sensitive environment, Alacrity Fitzhugh, it would more likely land you in 00 hot water .... which if you are lucky would be licensed to thrill.

Heard a Rumor

that the encryption witll be either in Navajo or Bureaucratese, two languages that no normal human can understand.

Risk of significant harm!?!!

Encryption is not the only problem - the states that do have risk as a criteria for notification (as opposed to a strict requirement on breach) usually frame it as a risk of the malicious use of data.

Risk of significant harm is a totally different level - especially as all the class action lawsuits keep getting thrown out as the courts say that no-one can show any harm - even when the data is stolen by criminals who intend to use it to steal money!

Misleading

This article is misleading. Prior to the President signing the American Recovery and Reinvestment Act (including the HITECH Act) there was no notification requirement at all for a breach of health information, unless that breach fell within the scope of existing state breach notification laws. To say providers "...will no longer be obliged to notify clients..." makes it sound like they're taking a step backwards when in fact they're taking a big step forward. The Department of Health and Human Services is one of the few federal agencies that actually seems to get it when it comes to security and privacy. I'm not sure why anyone would slam their efforts. If anything, you should be encouraging other federal agencies to follow their lead.

I hope that the quote by Mark Bower was taken out of context because it barely makes sense. Anybody that doesn't appreciate the challenges that the Department of Health and Human Services faces clearly hasn't attempted to do this type of work themselves.