Slashdot Mirror


Using Encryption Garners Exemption For Data Breach Notification

Combat Wombat writes with this excerpt from the Register: "New data breach rules for US healthcare providers have come under criticism from a security firm that specialises in encryption. As part of the Health Information Technology for Economic and Clinical Health (HITECH) Act, which comes into effect from 23 September, health organisations in the US that use encryption will no longer be obliged to notify clients of breaches."

2 of 101 comments

  1. XOR! by DarkFencer · Score: 4, Interesting

    So all they have to do is 'encrypt' it? XOR here we come!

    Seriously - is there any guide to what TYPES of encryption are covered under this? Otherwise it's inane.

    1. Re:XOR! by Pieroxy · Score: 5, Interesting

      In any case, you need a key to decrypt your data. If the guy that broke in got the key along with the data, no amount of cryptography is going to help. Usually, from experience, the key is very often too close to the data.

      In a company I worked for, we had to set up a bridge between two web apps. We chose an SSO-like solution that worked well on paper, but the devil is in the details. The guys on the other application decided to encrypt the SSO key in JavaScript on the client.... So the key ended up in clear text in the source of the page!

      Oh well....