Technology

59674 readers

3115 users here now

This is a most excellent place for technology news and articles.

Our Rules

Follow the lemmy.world rules.
Only tech related content.
Be excellent to each another!
Mod approved content bots can post up to 10 articles per day.
Threads asking for personal tech support may be deleted.
Politics threads may be removed.
No memes allowed as posts, OK to post as comments.
Only approved bots from the list below, to ask if your bot can be added please contact us.
Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago

MODERATORS

504

NYPD faces backlash as it prepares to encrypt radio communications | New York | The Guardian (www.theguardian.com)

submitted 10 months ago by fne8w2ah@lemmy.world to c/technology@lemmy.world

137 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] CaptainSpaceman@lemmy.world 9 points 10 months ago (21 children)

What kind of situations?

[–] godzillabacter@lemmy.world 34 points 10 months ago (10 children)

EMS communication over unencrypted channels is limited by HIPAA, patient information must be kept vague to protect patient privacy. In the event that, say, an individuals name needs to be given to the receiving facility to facilitate review of records prior to arrival by the ER physician, some other method of communication has to be used.

[+] themeatbridge@lemmy.world -9 points 10 months ago* (last edited 10 months ago) (5 children)

Encryption on radio communications would not help that at all. It would still be a HIPAA violation to share sensitive information on a broadcast, even if it is encrypted.

Edit: I hope y'all downvoters aren't actually responsible for patient information.

[–] lolcatnip@reddthat.com 1 points 10 months ago (1 children)

Source? If you broadcast encrypted data you're not sharing it with anyone who doesn't have the right key to decrypt it. Someone could theoretically crack the encryption, but literally every method of transmitting information is vulnerable to being intercepted by a sufficiently motivated attacker.

[–] themeatbridge@lemmy.world 4 points 10 months ago* (last edited 10 months ago) (1 children)

I'll copy my reply to the above, but add that someone who has the key to encrypt a broadcast doesn't necessarily have a need to receive private health information. Law enforcement officials may receive protected information if they need it in the course of their duties. Private health information should only be shared in a secure communication, but encrypting the broadcast doesn't change the fact that

This is like HIPAA training 101 stuff. If you're a doctor at a hospital, you might be able to access any patient's records. But if you peek at a celebrity's serologies, you've violated HIPAA. Broadcasting on an encrypted channel would be like posting test results in a locker room and arguing that it's OK because only doctors have a key to the room. Having access to information is not the same as needing access to information, regardless of whether everyone has their paperwork in order.

That's absurd. There are very specific guidelines for sharing protected health information with and among law enforcement. There is no paperwork that "all receiving parties" can fill out to cover a blanket broadcast of protected information to anyone with an encrypted police radio. You would still need to have a specific purpose for disclosure, and disclose only the required information to only the necessary parties. An encrypted channel would still be available to dispatchers, administrators, and a bunch of random people that don't need to receive that information.

Covered entities may disclose protected health information to law enforcement officials for law enforcement purposes under the following six circumstances, and subject to specified conditions: (1) as required by law (including court orders, court-ordered warrants, subpoenas) and administrative requests; (2) to identify or locate a suspect, fugitive, material witness, or missing person; (3) in response to a law enforcement official's request for information about a victim or suspected victim of a crime; (4) to alert law enforcement of a person's death, if the covered entity suspects that criminal activity caused the death; (5) when a covered entity believes that protected health information is evidence of a crime that occurred on its premises; and (6) by a covered health care provider in a medical emergency not occurring on its premises, when necessary to inform law enforcement about the commission and nature of a crime, the location of the crime or crime victims, and the perpetrator of the crime.34

https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html

[–] lolcatnip@reddthat.com 1 points 10 months ago

Ok, I think I see where our disagreement is. Would you agree that an encrypted broadcast is ok if you encrypt the sensitive information with a key that is only accessible to the specific individuals who need it? Not that I see any advantage to doing so—it's just a hypothetical scenario.

load more comments (3 replies)

load more comments (7 replies)

load more comments (17 replies)