June 08, 2005

Changing the Rules Mid-Game

From Bruce Schneier's excellent security blog comes word that the Justice Department has gutted HIPAA -- the medical privacy act that was passed in 1996. From the New York Times article, Ruling Limits Prosecutions of People Who Violate Law on Privacy of Medical Records (here's BugMeNot if you aren't inclined to register with them):
An authoritative new ruling by the Justice Department sharply limits the government's ability to prosecute people for criminal violations of the law that protects the privacy of medical records.

The criminal penalties, the department said, apply to insurers, doctors, hospitals and other providers - but not necessarily their employees or outsiders who steal personal health data.

In short, the department said, people who work for an entity covered by the federal privacy law are not automatically covered by that law and may not be subject to its criminal penalties ...

As Schneier put it:
This kind of thing is bigger than the security of the healthcare data of Americans. Our administration is trying to collect more data in its attempt to fight terrorism. Part of that is convincing people -- both Americans and foreigners -- that this data will be protected. When we gut privacy protections because they might inconvenience business, we're telling the world that privacy isn't one of our core concerns.

And we should trust these people to keep our biometric and other sensitive information that they want to put into the coming NID secure?!

