Shostack + Friends Blog Archive


Schneier, Solove on Medical Privacy

In U.S. Medical Privacy Law Gutted, Bruce Schneier analyzes the new rules on who gets prosecuted for violating your medical privacy. Answer: fewer people than you’d think or hope:

I’ve been to my share of HIPAA security conferences. To the extent that big health is following the HIPAA law — and to a large extent, they’re waiting to see how it’s enforced — they are doing so because of the criminal penalties. They know that the civil penalties aren’t that large, and are a cost of doing business. But the criminal penalties were real. Now that they’re gone, the pressure on big health to protect patient privacy is greatly diminished.

In “How HIPAA Was Undermined,” Daniel Solove quotes Peter Swire:

Now, seeing that the federal government has created immunity for bad actors, all these people may wonder why they tried so hard to do the right thing.

Solove’s article is worth reading in full.

One comment on "Schneier, Solove on Medical Privacy"

Comments are closed.