lokar, 4 days ago:
At least in the US I think HIPPA would cover this, and IME medical providers are very careful to select products and services that comply.
|
  heyjamesknight, 4 days ago (reply to lokar):
  Yes, but HIPAA is notoriously vague with regards to what actual security measures have to be in place. It's more of an agreement between parties as to who is liable in case of a breach than it is a specific set of guidelines like SOC 2. If your medical files are locked in the trunk of a car, that's "HIPAA-compliant" until someone steals the car.

    fc417fc802, 3 days ago (reply to heyjamesknight):
    I think that's a good thing. I don't want a specific but largely useless checklist that absolves the party that ought to be held responsible. A hard guarantee of liability is much more effective at getting results. It would be nice to extend the approximate equivalent of HIPAA to all personal data processing in all cases with absolutely zero exceptions. No more "oops we had a breach, pinky promise we're sorry, don't forget to reset all your passwords".

      heyjamesknight, 3 days ago (reply to fc417fc802):
      No disagreement. It's just something I point out when people are concerned about "HIPAA compliance." My experience is that people tend to think it's some objective level of security. But it's really just the willingness to sign a BAA and then take responsibility for any breaches.
  loeg, 4 days ago (reply to lokar):
  It's "HIPAA."

    esseph, 4 days ago (reply to loeg):
    It was just last week that I learned about HIPAA Hippo!
|