Using Encryption Garners Exemption For Data Breach Notification
Combat Wombat writes with this excerpt from the Register: "New data breach rules for US healthcare providers have come under criticism from a security firm that specialises in encryption. As part of the Health Information Technology for Economic and Clinical Health (HITECH) Act, which comes into effect from 23 September, health organisations in the US that use encryption will no longer be obliged to notify clients of breaches."
So all they have to do is 'encrypt' it? XOR here we come!
Seriously - is there any guide to what TYPES of encryption are covered under this? Otherwise it's inane.
Having just read through the document and as some other folks have posted further down it's not nearly as bad as you're implying and is *less* friendly to health agencies where reporting rules are concerned.
It's certainly written in typical bureaucrat/lawyer speak but for individuals it's a clear improvement over the current state of affairs.
In terms of the form of these documents, I wonder if a collaborative re-write type project would fly. Get volunteers to re-write the document such that the intent and legality don't change but the readability is greatly increased. I noted several times where the general ordering of the document was not terribly linear, they repeated themselves or used very confusing sentence structure.