[privacy] Nevada Law Mandates Encryption of Electronically-Transmitted Personal Information

Brian Loe knobdy at gmail.com
Mon Oct 8 18:10:36 CDT 2007


On 10/8/07, Valdis.Kletnieks at vt.edu <Valdis.Kletnieks at vt.edu> wrote:

> Go ahead and try to get that to actually fly.

It's not difficult, you add a line to the law that says no PHI will be
transmitted via FAX.

My former employer spent roughly 50k on an encrypted e-mail solution,
spending nothing to not use a FAX seems pretty easy.


> And if it was encrypted on the wire, it would *still* have been faxing
> *encrypted* prescription info that then gets printed out in plaintext to a
> bank, and spending a day calling another bank to make them stop faxing
> *encrypted* personal info that then gets printed out in plaintext.

You're a genius. See my first point - disallow FAX transmissions of
sensitive, personal information.

> The problem isn't on the wire, the problem is at the *endpoints*.  Changing
> the on-wire representation doesn't fix the endpoints.

That is the case whether you are dealing with FAX machines or e-mails
or web interfaces. Someone prints the data off and leaves it on the
printer; someone fails to lock their workstation; someone loses or has
their laptop stolen. Once again we're back to the same obvious
argument: we're limiting risk, not eliminating it.

