Welcome to DU!
The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards.
Join the community:
Create a free account
Support DU (and get rid of ads!):
Become a Star Member
Latest Breaking News
General Discussion
The DU Lounge
All Forums
Issue Forums
Culture Forums
Alliance Forums
Region Forums
Support Forums
Help & Search
Economy
Related: About this forumFederal health privacy law doesn't require encrypted data
http://www.telegram.com/article/20150206/NEWS/302089951/1002/businessFederal health privacy law doesn't require encrypted data
Friday, February 6, 2015
By Ricardo Alonso-Zaldivar THE ASSOCIATED PRESS
WASHINGTON Insurers aren't required to encrypt consumers' data under a 1990s federal law that remains the foundation for health care privacy in the Internet age an omission that seems striking in light of the major cyberattack against Anthem.
Encryption uses mathematical formulas to scramble data, converting sensitive details coveted by intruders into gibberish. Anthem, the second-largest U.S. health insurer, has said the data stolen from a company database that stored information on 80 million people was not encrypted.
Standards lacking
The main federal health privacy law the Health Insurance Portability and Accountability Act, or HIPAA encourages encryption, but doesn't require it.
The lack of a clear encryption standard undermines public confidence, some experts say, even as the government plows ahead to spread the use of computerized medical records and promote electronic information sharing among hospitals, doctors and insurers.
--
In the 21st Century, one would expect private information to be encrypted.
InfoView thread info, including edit history
TrashPut this thread in your Trash Can (My DU » Trash Can)
BookmarkAdd this thread to your Bookmarks (My DU » Bookmarks)
2 replies, 717 views
ShareGet links to this post and/or share on social media
AlertAlert this post for a rule violation
PowersThere are no powers you can use on this post
EditCannot edit other people's posts
ReplyReply to this post
EditCannot edit other people's posts
Rec (2)
ReplyReply to this post
2 replies
= new reply since forum marked as read
Highlight:
NoneDon't highlight anything
5 newestHighlight 5 most recent replies
Federal health privacy law doesn't require encrypted data (Original Post)
unhappycamper
Feb 2015
OP
HockeyMom
(14,337 posts)1. My techie husband works on encrypion
for software house. He said no it is not required under the law.
When I turned 65, I got all sorts of mailings for Medicare Advantage Plans. How did all these insurance companies get my name? I had no health insurance before. Did they get my name and address when I signed up online for Medicare? That information should be private too. Can they hack into the goverment sites too?
Hestia
(3,818 posts)2. By law, 3rd parties are allowed access to gov't databases. Your mailings probably came from the
SSI database.
I think the basis for the article is disingenuous - just because the law doesn't say you can, doesn't mean they can't. Does 21st century common sense have to be codified into law?