> The proposals include encrypting data so it cannot be accessed, even if leaked, and requiring compliance checks to ensure networks meet cybersecurity rules.
This didn’t sound like much to be honest. If your company needs to be told in 2025 to encrypt your data, the company should be shut down.
There need to be fines and jail time for breaches, along with audits that go far deeper than typical certifications where auditors just rely on evidence a companies volunteers. And also there should be required disclosure of what was leaked for each individual - retroactively - since companies like United / Change refuse to tell patients what info of theirs was stolen (same with other healthcare breaches recently). Oh and compensation for each incident to patients - this should be standard for any breach in any industry.
HIPAA must have more strict rules to be able to charge companies which don’t comply with it. Now it has many details but it looks like a list of suggestions. When something goes wrong, companies negotiate around these rules and get huge discounts on charges. People may change their leaked username/password and live with it. But this isn’t the case with PHI data. So results must be more serious for the companies.
What I want to see is retroactive accountability for United Health and their subsidiary Change Health. Why do they and many other random companies have the healthcare data of people who’ve never used them? Why did they not have two factor authentication? What fines will they pay? Which executives are going to jail?
HHS published a draft of set of changes in HIPAA. It is scheduled to be published for public review on the next Monday. There will be 60-days public review period and then there is a suggested 240-days transition period.
blackeyeblitzar|1 year ago
This didn’t sound like much to be honest. If your company needs to be told in 2025 to encrypt your data, the company should be shut down.
There need to be fines and jail time for breaches, along with audits that go far deeper than typical certifications where auditors just rely on evidence a companies volunteers. And also there should be required disclosure of what was leaked for each individual - retroactively - since companies like United / Change refuse to tell patients what info of theirs was stolen (same with other healthcare breaches recently). Oh and compensation for each incident to patients - this should be standard for any breach in any industry.
dirigeant|1 year ago
blackeyeblitzar|1 year ago
dirigeant|1 year ago
blackeyeblitzar|1 year ago
TesterVetter|1 year ago
[deleted]