I was having a conversation with a colleague today who reminded me of the new meaning of ‘Don’t ask – don’t tell’ when it comes to breach disclosure.
I actually heard this theme from health care clinics and companies in response to some of the new health care reform acts, including the one that addresses electronic health care records.
That is, according to the new laws, health care companies must disclose breaches that they discover. But if they don’t discover them, they don’t need to disclose them. I had one health care clinic tell me that a sister hospital had a proof-of-concept test with a vendor that monitored access to their systems for abuse, misuse, and assorted types of information leaks. They were shocked by the misuse and abuse that was uncovered and told the vendor to go away and not come back. They didn’t want to know about the incidents because they didn’t want to disclose them.
So much for government incentives.