What are HIPAA's encryption requirements?

There's a lot of assumptions about what HIPAA states when it comes to encryption, be it over the wire, files, whatever. The fact is that HIPAA makes absolutely no requirements for encryption*, just that if there's reasonable risk, it must have encryption. What kind of encryption? What sort of strength? It does not specify*.

So to break it down:

  • Does HIPAA require encryption? No, unless there's a reasonable risk something could be read, as in over a network or what have you
  • What sort of encryption does HIPAA require? Essentially anything.

My suggestions though are:

  • You should use encryption in as many places as possible, especially if devices are storing information, almost all HIPAA data violations come from people losing laptops or whatever and the drives aren't encrypted. You can use something like TrueCrypt or even Windows EFS.
  • I suggest PGP since it's so widely implemented and available, and SSL for networks, etc since again, implementation is widely available. Where not available you can tunnel over things such as encrypted VPN connections as well.

* Source: HIPAA 45 CFR § 164.312(a)(2)(iv) and (e)(2)(ii).

By the way: IANAL/TINLA

So, what the hell is type casting anyway?

Casting is a way to take a liquid and mold it int… oh yeah

So casting is just a fancy way to refer to type conversion, that is where you change the "type" of a variable from one thing to another. For example changing a string to an integer.

How about some examples? Is that what you want?

OK, fine, you talked me into it. Here are some PHP examples:

$var = '1000';
var_dump($var); // Returns string(4) "1000"

$var = '1000';
$var = (int)$var; // Here is where we cast it
var_dump($var); // Returns int(1000)

So, who cares? What's the point?

Well, depending on what you're wanting to do, it's important to change the type, and this is especially true in languages where there is no dynamic typing (like C#) and it's still useful in languages with dynamic typing like PHP, because it allows for one to avoid potential issues with mathematics, concatenation, etc. Aside from math related things, in PHP I use (int) a lot to clean up variables for SQL queries for both safety and also so MySQL doesn't have to convert the types itself.

You can learn more about type casting in PHP specifically and why it's a great way to do certain things here: Casting int faster than intval in PHP.

A terribly uninformative guide to cross connect boxes, RTUs, SLCs

For some reason beyond me, in all of the years I've messed around with phones, be it working with them or doing things as a hobby, I can never remember the name for this:


So I wanted to create this post so in the future when I go brain dead I don't have to go search around for it for 10 minutes. It breaks down like this:

  • Cross Box or Cross-Connect Box – Most common name, but in Ma Bell terms it usually refers to ones slightly smaller which contain jumpers from customer to the central office. These aren't to be confused with VRAD which are similar, but smaller, and often sometimes next to cross boxes or remote terminals.
  • Remote Terminal – Also sometimes called this, and so-called because they were like a tiny remote central office. These, unlike regular cross boxes, have slots for cards of what kind of circuit was being installed. For example a SDN line would have a card that takes two slots. Another sign of a Remote Terminal Unit versus a regular Cross Box is that RTUs have batteries in them. Some RTUs are bigger and are buried underground with sump-pumps and air conditioners and fancy stuff.

    Everyone loves slots
    Slots inside a Remote Terminal, a more modern one, smaller, at an industrial site.
  • SLC or SLC96 – Sometimes referred to as this, but these contained pair gain multiplex equipment in them. SLC itself stands for "subscriber loop carrier" or "subscriber line carrier". The 96 though refers to the fact it broke down into 96 lines.

And there we go, things I can never remember.

Thanks a lot to the phone woman for some extra insights into this post.

Casting int faster than intval in PHP

For years I've been using intval($var) for being sure something is an integer, and sometimes using (int)$var to cast it into an integer, which essentially does the same thing — learn what casting is.

I'm here to tell you that unless you require the second parameter of intval(), which changes the base, then you should be casting instead.

In the case of casting int, it's about 300% or 3 times as fast as using intval(), and if you use it a lot like I do, for example in setting the correct type/checking for SQL queries, then it's time to switch. I know I am.

You can also pile them up if you want, for example:

$var = (int)(bool)$var;

This will change strings of "1" and "0", actual numbers of 1 and 0, boolean values, and null to True and False (Null is always False). Pretty useful if you've got a bit or tinyint(1) for pseudo-bool columns in your database or what have you, clean it up real nice.

It's sort of strange too because in other languages I always cast when available, but for some reason in PHP I got in the habit of using intval(), floatval(), etc.

Available casts:

$var = (array)$var;
$var = (b)$var;
$var = (binary)$var;
$var = (bool)$var;
$var = (boolean)$var; // Alternative
$var = (double)$var;
$var = (float)$var;
$var = (int)$var;
$var = (integer)$var; // Alternative
$var = (object)$var;
$var = (real)$var;
$var = (string)$var;