I was having a conversation with a colleague today who reminded me of the new meaning of ‘Don’t ask – don’t tell’ when it comes to breach disclosure.
I actually heard this theme from health care clinics and companies in response to some of the new health care reform acts, including the one that addresses electronic health care records.
That is, according to the new laws, health care companies must disclose breaches that they discover. But if they don’t discover them, they don’t need to disclose them. I had one health care clinic tell me that a sister-hospital had a proof of concept test with a vendor that monitored access to their systems for abuse, misuse, and assorted types of information leaks. They were shocked by the misuse and abuse that was uncovered and told the vendor to go away and not come back. They didn’t want to know about the incidents because they didn’t want to disclose them.
So much for government incentives.
Read Complimentary Relevant Research
Predicts 2017: Artificial Intelligence
Artificial intelligence is changing the way in which organizations innovate and communicate their processes, products and services. Practical...
View Relevant Webinars
An Integrated Approach to Strengthening Your Supply Chain
Digital disruption and the weakening global economy have made profitable growth more challenging than ever. Yet, some CSCOs are able...
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.