Excerpt from the Register - http://www.theregister.co.uk/2009/09/17/healthcare _breach_disclosure:
“New data breach rules for US healthcare providers have come under criticism from a security firm that specialises in encryption. As part of the Health Information Technology for Economic and Clinical Health (HITECH) Act, which comes into effect from 23 September, health organisations in the US that use encryption will no longer be obliged to notify clients of breaches.”
So let me get this straight. If someone hacks into your heath information, you have no obligation to report it so long as you were using encryption? I think we all know that encryption can be broken (not easily, but it can)….
Slashdot original post: http://yro.slashdot.org/story/09/09/19/2157217/Using-Encryption-Garners-Exemption-For-Data-Breach-Notification?from=rss
No related posts.
