Those of us in health care IT are obsessed with security, and rightly so -- we're dealing with some of the most personal information imaginable, and none of this works if it doesn't engender the trust of patients and physicians alike. So, I guess I'm more attuned to security policies and technologies than any normal person ought to be.
With that in mind, I was intrigued by the story that the restaurant chain Ruby Tuesday is moving to an "ultra-secure credit card processing system". (Maybe it's just me, but their adding the word "ultra" here doesn't make me feel better -- reminds me of Animal House, when Dean Wormer puts Delta House on "double secret probation".) As described by the company's hometown newspaper, The Daily News Journal, the system "leaves no credit card information at the restaurant and is instead sent to the bank in encrypted form."
I'll bet that most people would be surprised to learn that they weren't already doing this. You kept my credit card information? But you already got your money -- who gave you permission to keep it beyond that? You're going to start using encrypted communication? You mean, you don't do that now???
A USA Today story on the same topic reports that some restaurants like Hooters and Legal Seafoods are now looking at using mobile credit card systems that allow the credit card transactions to happen at your table. (Many possible jokes here -- I'm not going there.) I was in Europe last summer with my family and I noticed that every restaurant we went to in Spain and France had such devices. I don't know why the US is so far behind.
The story also reports that Massachusetts (my home state) is considering a law that would penalize companies for credit card data breaches. That's interesting, because Massachusetts is one of a minority of states that don't have a breach notification law today (please see: Massachusetts among 16 states that don't have breach notification laws).
I've written before about my personal experiences at Marshall's and Home Depot where I learned how much info they keep (please see: Identity theft and digital records). Think of all of the loosely protected mini-repositories of credit card info out there -- basically every store you go to -- and how much of that information is flying through the ether without basic encryption protections. Patients and physicians should take comfort knowing that modern health IT systems and processes aim higher than that.