eLaws | eCases | United States Code | Federal Courts |
Home » Rulemaking » Comment on FR Doc # E9-20169

Comment on FR Doc # E9-20169

Document ID: HHS-OCR-2009-0010-0004
Document Type: Public Submission
Agency: Department Of Health And Human Services
Received Date: August 26 2009, at 11:27 AM Eastern Daylight Time
Date Posted: August 26 2009, at 12:00 AM Eastern Standard Time
Comment Start Date: August 24 2009, at 12:00 AM Eastern Standard Time
Comment Due Date: October 23 2009, at 11:59 PM Eastern Standard Time
Tracking Number: 80a12ab7
View Document:  View as format xml

View Comment

The Secretary says in the proposed rule that "and ensuring encryption keys are not breached, we clarify that covered entities and business associates should keep encryption keys on a separate device from the data that they encrypt or decrypt". You need to change "should" to "must". Storing keys along with the encrypted media is effectively the same as not using encryption.

Related Comments

    View All
Total: 113
Comment on FR Doc # E9-20169
Public Submission    Posted: 08/25/2009     ID: HHS-OCR-2009-0010-0002

Oct 23,2009 11:59 PM ET
Comment on FR Doc # E9-20169
Public Submission    Posted: 08/25/2009     ID: HHS-OCR-2009-0010-0003

Oct 23,2009 11:59 PM ET
Comment on FR Doc # E9-20169
Public Submission    Posted: 08/26/2009     ID: HHS-OCR-2009-0010-0004

Oct 23,2009 11:59 PM ET
Comment on FR Doc # E9-20169
Public Submission    Posted: 08/26/2009     ID: HHS-OCR-2009-0010-0005

Oct 23,2009 11:59 PM ET
Comment on FR Doc # E9-20169
Public Submission    Posted: 08/31/2009     ID: HHS-OCR-2009-0010-0008

Oct 23,2009 11:59 PM ET