Avivah Litan

A member of the Gartner Blog Network

Avivah Litan
VP Distinguished Analyst
12 years at Gartner
30 years IT industry

Avivah Litan is a Vice President and Distinguished Analyst in Gartner Research. Her area of expertise includes financial fraud, authentication, access management, identity proofing, identity theft, fraud detection and prevention applications…Read Full Bio

Coverage Areas:

Don’t ask, Don’t tell – when it comes to breach disclosure

by Avivah Litan  |  November 30, 2010  |  1 Comment

I was having a conversation with a colleague today who reminded me of the new meaning of  ‘Don’t ask – don’t tell’ when it comes to breach disclosure.

I actually heard this theme from health care clinics and companies in response to some of the new health care reform acts, including the one that addresses electronic health care records.

That is, according to the new laws, health care companies must disclose breaches that they discover. But if they don’t discover them, they don’t need to disclose them.  I had one health care clinic tell me that a sister-hospital had a proof of concept test with a vendor that monitored access to their systems for abuse, misuse, and assorted types of information leaks. They were shocked by the misuse and abuse that was uncovered and told the vendor to go away and not come back. They didn’t want to know about the incidents because they didn’t want to disclose them.

So much for government incentives.

1 Comment »

Category: Uncategorized     Tags:

1 response so far ↓