The self-encrypting drive you may already own

Discussion in 'hardware' started by MrBrian, Feb 26, 2014.

Thread Status:
Not open for further replies.
  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  2. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,088
    An of interest quote from that article:

    Makes one suspect that HIPAA, and perhaps other regulation, is less strict than it should be. Spotted some questionable things at http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule/index.html, but don't have the time to try to think things through.
     
  3. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,272
    Location:
    Nebraska, USA
    I am not okay with this and would like to know what jurisdictions that "safe harbor" rule applies.

    If my mind is working right this morning, that says if a notebook with patient data on it is stolen, they (those responsible for keeping the notebook and data secure) do not have to notify the patients if the drive was encrypted.

    I don't like it for 3 main reasons. (1) This is all about saving the keeper of the notebook and patient data from embarrassment (and apparent scrutiny) for failing to do their job of protecting patient privacy. This article is all about hiding or covering up their screw-up, and nothing about keeping "us" and our data safe. :mad:

    (2) It assumes the encryption cannot be broken.

    (3) It "appears" to go on the honor system where the keeper can just claim the data was encrypted - they do not have to prove it.
     
  4. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    Having several clients that are in doctors offices, pediatrician offices, hospitals, etc. HIPAA laws are strict, but audits are few and far between. There is a checklist they offer from the IT standpoint.

    http://www.ihs.gov/hipaa/documents/ihs_hipaa_security_checklist.pdf
     
Loading...
Thread Status:
Not open for further replies.