US healthcare data plan slammed for encryption get-out clause

New data breach rules for US healthcare providers have come under criticism from a security firm that specialises in encryption. As part of the Health Information Technology for Economic and Clinical Health (HITECH) Act, which comes into effect from 23 September, health organisations in the US that use encryption will no …

COMMENTS

This topic is closed for new posts.
  1. amanfromMars 1 Silver badge

    Information Security in Virtual Space? You've got to be joking. Use the pigeon. It's safer.

    That tale is a tacit admission that information security guarantees are an impossible dream.

  2. Jason Togneri
    Alert

    Department of Redundant Department

    I don't know which is scarier; that health organisations in the US that use encryption will no longer be obliged to notify clients of breaches, or that they named an act the "Health Information Technology for Economic and Clinical Health" Act, including a redundancy, just so its initials spelled "HITECH".

  3. Anonymous Coward
    Boffin

    Oes-Day Ig-Pay Atin-Lay Cryption-Enlay Ount-Cay?

    At-Thay Ould-Shay Et-Gay E-May Out Of Ouble-Tray.

  4. John Ellin
    FAIL

    Encryption hmmm...

    "Using encryption on the Internet is the equivalent of arranging an armored car to deliver credit-card information from someone living in a cardboard box to someone living on a park bench."

    --- Gene Spafford

  5. Anonymous Coward
    FAIL

    That doesn't make sense...

    Who comes up with ideas? It's obviously time to take all personal data out of the digital age as governments and corps can simply not be trusted with it.

    Yes, I know it's a little late for that but we need to limit the damage somehow. The jackasses in charge obviously don't get it.

    PS Alacrity Fitzhugh nice encryption method.

  6. Jonathan Richards 1
    FAIL

    ROT13 will do, then?

    So much more compact than pig latin...

  7. amanfromMars 1 Silver badge

    Re ...Oes-Day Ig-Pay Atin-Lay Cryption-Enlay Ount-Cay?

    If used in a sensitive environment, Alacrity Fitzhugh, it would more likely land you in 00 hot water .... which if you are lucky would be licensed to thrill.

  8. Richard 102

    Heard a Rumor

    that the encryption will be either in Navajo or Bureaucratese, two languages that no normal human can understand.

  9. Anonymous Coward
    Anonymous Coward

    Risk of significant harm!?!!

    Encryption is not the only problem - the states that do have risk as a criterion for notification (as opposed to a strict requirement on breach) usually frame it as a risk of the malicious use of data.

    Risk of significant harm is a totally different level - especially as all the class action lawsuits keep getting thrown out as the courts say that no-one can show any harm - even when the data is stolen by criminals who intend to use it to steal money!

  10. itsadug

    Misleading

    This article is misleading. Prior to the President signing the American Recovery and Reinvestment Act (including the HITECH Act) there was no notification requirement at all for a breach of health information, unless that breach fell within the scope of existing state breach notification laws. To say providers "...will no longer be obliged to notify clients..." makes it sound like they're taking a step backwards when in fact they're taking a big step forward. The Department of Health and Human Services is one of the few federal agencies that actually seems to get it when it comes to security and privacy. I'm not sure why anyone would slam their efforts. If anything, you should be encouraging other federal agencies to follow their lead.

    I hope that the quote by Mark Bower was taken out of context because it barely makes sense. Anybody that doesn't appreciate the challenges that the Department of Health and Human Services faces clearly hasn't attempted to do this type of work themselves.

  11. Anonymous Coward
    Boffin

    Silly name

    HITECH is such a silly name for this act.

    I think they should have called it the 'Clinically Leveraged Information Technology and Ongoing Requirement for Infrastructure Standards' act.

    One small drawback - the abbreviation is CLITORIS.
