Hacker News new | comments | ask | show | jobs | submit login

It's hard to know without inspecting the exact data involved, but I feel like this is dangerously close to a HIPAA or HITECH breach, and I know of several hospitals who are strongly on the Microsoft bandwagon and are considering Windows 10.

The "send search data to an internet endpoint even if it's patently obvious that the search is for local resources" reeks strongly of Ubuntu's Amazon Shopping Lens. Did Mark Shuttleworth switch gears from Canonical to Microsoft when I wasn't looking?




> It's hard to know without inspecting the exact data involved, but I feel like this is dangerously close to a HIPAA or HITECH breach

Perhaps pedantic, but that's redundant; HITECH doesn't define breaches separately from HIPAA, it establishes standards for when HIPAA data is "unsecured" and reporting requirements, etc., related to HIPAA breaches.


I'm aware; my point was that there are HITECH implications as well that would be very hard to address with Windows 10 if my suspicions are correct; it would be hard to meet the breach reporting and notification requirements when the operating system may very well be actively siphoning PII even when supposedly configured to do otherwise. The only safe option is to assume that any patient data that exists on a Windows 10 system is unsecured unless that system is entirely disconnected from any kind of network or until Windows 10 is significantly more transparent about what it's doing behind users' backs.

Of course, this is speculation right now, and perhaps my concerns are unfounded, but I can already imagine some old doctor typing "J. Random Hacker biopsy" into that Start Menu search field in the hopes of finding some document and inadvertently sending the fact that J. Random Hacker had a biopsy to Microsoft and potentially some advertising partners (depending on the nature of such transmissions).




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: