New US healthcare rules criticized by encryption experts
The data breach rules that become effective on September 23rd have been harshly criticized by a security firm specializing in encryption. Under the Health Information Technology for Economic and Clinical Health (HITECH) Act, US health organizations that use encryption will no longer be required to notify their clients of data breaches, regardless of how ineffective the encryption system is.
According to the act, only healthcare providers and plans that have implemented the HIPAA standards but fail to encrypt the sensitive data they keep on their clients will have to let individuals know their private details have been breached. Even in such a case, explains The Register, it will be up to each organization to decide if there is a real risk for those affected and only afterward issue data breach notices.
“The protection law should address everyone – including those who have already implemented encryption, since most encryption systems are point-to-point even when they say otherwise,” said Mark Bower, director of information protection solutions at Voltage Security.
In its present form, the HITECH Act provides a quick and often inefficient fix for complying with data security rules.

September 24th, 2009 at 10:54 pm
[...] New US healthcare rules criticized by encryption experts Agent Smith reports on the new data breach rules which became effective September 23rd. According [...]