undefined | Better HN

0 pointsmajorchord16d ago0 comments

> Are you comfortable with anybody being able to ring up the hospital and say "yo, it's majorchord, how are my gonnorhea results?"

No, that's why we have safety protocols in place. When you call a doctor they ask you for your birthdate or sometimes also a PIN/password on your account to protect your data.

How would that still be considered a breach of privacy?

0 comments

scbrg15d ago

Alright. I didn't know that. "Just call them" did not sound like it included any kind of authentication procedure.

But giving birthdate (available to anyone via a single query in a public database) and (sometimes?! - what?!) PIN over the phone wouldn't really be considered good enough here. Birthdate is, as I said, public knowledge. And a phone is too insecure a medium for transmitting a password.

I'm not super interested in an long argument about whether it's reasonable that this isn't considered secure or not. I'm just letting you know what reality looks like. And the reality is that "just call them" is not a solution, because such information will simply not be handed out over the phone.

ranger_danger15d ago

> And the reality is that "just call them" is not a solution, because such information will simply not be handed out over the phone.

It already is a solution, and has been in widespread use for many decades. I don't think it's going anywhere.

j / k navigate · click thread line to collapse