HHS and AES and NIST (acronyms rool ok)

Donald ramsbottom donald at ramsbottom.co.uk
Wed, 07 Mar 2001 15:18:10 +0000 

Below are two snippets from E commerce weekly ezine (see copyright bumph
below). The first is to do with patient confidentiality and the second for
those who do  not know is some blurb about AES being adopted and NIST
comments. If bored  by now do not read.


"-    HHS Re-opens Comment Period on HIPAA Privacy Standards
Department of Health and Human Services (HHS) Secretary Tommy Thompson
announced on February 23 that HHS is re-opening the rulemaking on its
Standards for Privacy of Individually Identifiable Health Information to
allow for additional comments.  Required by the Health Insurance Portability
and Accountability Act of 1996 (HIPAA), and originally scheduled to take
effect on February 26, these privacy standards establish a comprehensive
regime for the protection of patient medical information (including
information in electronic form), and require prior patient consent for
almost all uses of medical information.  Because of a bureaucratic glitch,
the standards should now take effect on April 14.  However, according to
published reports, HHS will use the comments it receives to decide whether
the standards should take effect on the 14th, whether they need to be
entirely rewritten, or whether changes can be made within their existing
framework.

-    Notice of the Change in the Effective Date of the HIPAA Standards


-    NIST Releases Draft AES Specification
On February 28, the National Institute of Standards and Technology (NIST)
released a draft of the Federal Information Processing Standard (FIPS) that
specifies the Advanced Encryption Standard (AES).  The AES is based on the
Rijndael algorithm, with key lengths of 128, 192 and 256 bits.  The AES will
provide a new federally-approved encryption algorithm to replace the 56-bit
Data Encryption Standard (DES) algorithm and supplement the 168-bit Triple
DES algorithm (which is specified in FIPS 46-3).  Comments on the draft FIPS
for AES must be submitted to NIST by May 29, 2001.  

-    The NIST Federal Register Notice Regarding the AES

-    The Draft FIPS for the AES"


Copyright bumph

(C) Copyright 2000 Steptoe & Johnson LLP. 
Steptoe & Johnson LLP grants permission for the contents of this publication
to be reproduced and distributed in full free of charge, provided that: (i)
such reproduction and distribution is limited to educational and
professional non-profit use only (and not for advertising or other use);
(ii) the reproductions or distributions make no edits or changes in this
publication; and (iii) all reproductions and distributions include the name
of the author(s) and the copyright notice(s) included in the original
publication.

Donald Ramsbottom BA LLb (Hons) PGdip
Ramsbottom & Co Solicitors
Internet and Global Encryption Law Specialists & General UK  Law Matters
5 Seagrove Avenue Hayling Island Hampshire UK
Tel (44) 023 9246 5931 Fax (44) 023 9246 8349
Regulated by the Law Society in the conduct of Investment business
Service by Fax or Email NOT accepted