New data breach rules for US healthcare providers have come under criticism from a security firm that specialises in encryption. As part of the Health Information Technology for Economic and Clinical Health (HITECH) Act, which comes into effect from 23 September, health organisations in the US that use encryption will no longer …
Information Security in Virtual Space? You've got to be joking. Use the pigeon. It's safer.
That tale is a tacit admission that information security guarantees are an impossible dream.
Department of Redundant Department
I don't know which is scarier; that health organisations in the US that use encryption will no longer be obliged to notify clients of breaches, or that they named an act the "Health Information Technology for Economic and Clinical Health" Act, including a redundancy, just so its initials spelled "HITECH".
Oes-Day Ig-Pay Atin-Lay Cryption-Enlay Ount-Cay?
At-Thay Ould-Shay Et-Gay E-May Out Of Ouble-Tray.
"Using encryption on the Internet is the equivalent of arranging an armored car to deliver credit-card information from someone living in a cardboard box to someone living on a park bench."
--- Gene Spafford
That doesn't make sense...
Who comes up with ideas? It's obviously time to take all personal data out of the digital age as governments and corps can simply not be trusted with it.
Yes, I know it's a little late for that but we need to limit the damage somehow. The jackasses in charge obviously don't get it.
PS Alacrity Fitzhugh nice encryption method.
ROT13 will do, then?
So much more compact than pig latin...
Re ...Oes-Day Ig-Pay Atin-Lay Cryption-Enlay Ount-Cay?
If used in a sensitive environment, Alacrity Fitzhugh, it would more likely land you in 00 hot water .... which if you are lucky would be licensed to thrill.
Heard a Rumor
that the encryption will be either in Navajo or Bureaucratese, two languages that no normal human can understand.
Risk of significant harm!?!!
Encryption is not the only problem - the states that do have risk as a criterion for notification (as opposed to a strict requirement on breach) usually frame it as a risk of the malicious use of data.
Risk of significant harm is a totally different level - especially as all the class action lawsuits keep getting thrown out as the courts say that no-one can show any harm - even when the data is stolen by criminals who intend to use it to steal money!
This article is misleading. Prior to the President signing the American Recovery and Reinvestment Act (including the HITECH Act) there was no notification requirement at all for a breach of health information, unless that breach fell within the scope of existing state breach notification laws. To say providers "...will no longer be obliged to notify clients..." makes it sound like they're taking a step backwards when in fact they're taking a big step forward. The Department of Health and Human Services is one of the few federal agencies that actually seems to get it when it comes to security and privacy. I'm not sure why anyone would slam their efforts. If anything, you should be encouraging other federal agencies to follow their lead.
I hope that the quote by Mark Bower was taken out of context because it barely makes sense. Anybody that doesn't appreciate the challenges that the Department of Health and Human Services faces clearly hasn't attempted to do this type of work themselves.
HITECH is such a silly name for this act.
I think they should have called it the 'Clinically Leveraged Information Technology and Ongoing Requirement for Infrastructure Standards' act.
One small drawback - the abbreviation is CLITORIS.