Slashdot Mirror


Recourse For Draconian Encryption Requirements?

CryoStasis writes in with this question, which likely resulted from the new Massachusetts data security law. "I work for a major hospital in the Northeast. Recently the hospital has taken it upon itself to increase its general level of computer security. As a result they now require full-disk encryption on any computer connected to their network on site. Although I think this stance is perhaps a little over-exuberant, most of these computers are machines that have been purchased with hospital funding. In the department that I work in, however, many of the employees (myself included) bring their own personal machines to work every day. For obvious reasons we're rather reluctant to allow the hospital's IT staff to attempt installation of the encryption software. Those who have allowed the installation have had major problems afterwards, on both Macs and Windows machines — ranging from severe/total data loss to frequent crashes to general slowness — which the hospital does very little to remedy. To make matters worse, the hospital is now demanding that any machine that is used to check email (via email clients or webmail directly) be encrypted, including desktop-style machines at home, which must be brought in to the IT department, as they refuse to distribute the encryption software to the employees for install. By monitoring email access they have begun harassing employees who check email from off campus, stating that their email/login access will be disabled unless they bring in their computers. I have no intention of letting these people install anything on my machine, particularly software of which their IT staff clearly doesn't have a solid grasp. Have other Slashdot readers come across this kind of a problem? Do I have any recourse, legal or otherwise, to stop them from requiring me to install software on my personal machines?"

1 of 555 comments (clear)

  1. Re:Find a new job by capnchicken · · Score: 5, Interesting

    I'm sorry, you must be under the impression that systems in a hospital are integrated in SOME fashion. They are not, and I've never heard of one that was, although my experience with them only spans about 7 years and only includes 3 U.S. states (not Mass). Electronic medical records are just now KIND OF being integrated and usually only at expensive hospitals. And I have yet to see a medical diagnostic device that didn't run in it's own vendor supported proprietary bubble. So having a virus run amok doesn't really concern me as it would get stopped in its tracks by the entire clusterfuck that is Healthcare IT.

    Healthcare IT is a vendor lock-in, non-integrated mess and having IT run around and lose people's data with some mandated encryption system they probably bought from a snake oil salesman is probably worse than any scenario you might be thinking about.

    --
    A libertarian shat on my carpet once. Claimed the free market would sort it out. -Ford Prefect(8777)