by btown
25 days ago
It's worth noting that cybersecurity requirements can be a mechanism of control. As a government regime, do you want to build an effective surveillance system where health data on large numbers of suspects can be pulled into a data fusion system at the push of a button, once a judicial framework for rubber-stamping is in place? And do you want to be able to pressure vendors into not supporting certain types of research/analysis and even direct patient care that could be construed/presented as counter to the regime's goals?

Both of these are easier when smaller vendors are forced out and larger vendors are the only ones left standing. As such, regulatory capture becomes a mutually beneficial tool to dominant vendors and regulators alike. There are few coincidences when lobbying is involved.

Which is not to say that cybersecurity improvements aren't a good thing! But speed and mechanisms of required rollout need to be balanced. And with the numerous signatories of [0] opposing the rule and describing "unreasonable implementation timelines," it's hard to say that this is entirely done in the interest of patients.

[0] https://assets.ctfassets.net/opszt4tga0mx/4QrJlGP2EkCiZjgvGx... (2025)
> As a government regime, do you want to build an effective surveillance system where health data on large numbers of suspects can be pulled into a data fusion system at the push of a button, once a judicial framework for rubber-stamping is in place?
Sure, and I'm right there with you that people should protest frameworks for judicial rubber-stamping. But HIPAA is like the only privacy law in America, basically, and having it mandate that medical data is encrypted can be good on its own.
While there are standardized formats for medical data, many are so ill-adopted that building some sort of surveillance system would be a monumental task; the bulk of data I've worked with has been in poorly documented, non-standard formats.
> Both of these are easier when smaller vendors are forced out and larger vendors are the only ones left standing
Clearer regulations and standardized, interoperable data formats benefit smaller players.