Since the mid 2000s.
I worked very hard trying to figure out how to protect patient data.
To do so requires translucent database techniques.
Which means encrypting all potential PII data at rest at the field level. Exactly like how passwords are stored, extended to all PII.
Which requires globally unique identifiers issued by CAs. Just like RealID.
Nothing will improve until people accept this fundamental technical truth.
Also, on the policy side, PII needs to be changed from an asset to a liability. And ban data hoarding stuff like targeted ads and relevant search.
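
A minimal sketch of the field-level approach the comment describes, added here as an illustration and not the commenter's code: the row key and every PII field are stored only as salted slow digests, the way passwords are. The class name, identifier format, PBKDF2 work factor and sample record are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000                   # assumed work factor for this sketch
TABLE_SALT = secrets.token_bytes(16)   # one salt per table, so row keys are repeatable


def _digest(value: str, salt: bytes) -> bytes:
    """Slow salted one-way digest, the same construction used for passwords."""
    return hashlib.pbkdf2_hmac("sha256", value.encode(), salt, ITERATIONS)


class TranslucentStore:
    """Rows are keyed by a digest of the identifier; PII fields are digests too."""

    def __init__(self):
        self.rows = {}

    def add(self, identifier: str, pii: dict, clinical: dict) -> None:
        sealed = {}
        for field, value in pii.items():
            salt = secrets.token_bytes(16)          # fresh salt per field
            sealed[field] = (salt, _digest(value, salt))
        self.rows[_digest(identifier, TABLE_SALT)] = {"pii": sealed, "clinical": clinical}

    def lookup(self, identifier: str):
        """Return the clinical data for whoever presents the identifier, else None."""
        row = self.rows.get(_digest(identifier, TABLE_SALT))
        return row["clinical"] if row else None

    def verify(self, identifier: str, field: str, claimed: str) -> bool:
        """Check a claimed PII value against its stored digest in constant time."""
        row = self.rows.get(_digest(identifier, TABLE_SALT))
        if row is None or field not in row["pii"]:
            return False
        salt, stored = row["pii"][field]
        return hmac.compare_digest(stored, _digest(claimed, salt))

    def dump(self) -> bytes:
        """What someone who copies the table at rest would see."""
        return repr(self.rows).encode()


# Constructed sample data; the identifier format is made up for the example.
store = TranslucentStore()
store.add("ID-7F3A-0001", {"name": "Alex Example", "dob": "1980-01-02"}, {"blood_type": "O+"})
```

Low-entropy fields such as a date of birth remain guessable by anyone who holds the row's salt, so the protection rests on the work factor and on the identifier being hard to guess.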