Comment by SoftTalker
4 hours ago
I agree the threat is there but I've never seen anyone actually punished for HIPAA violations and my data have been involved in several hospital and insurance breaches.
4 hours ago
I agree the threat is there but I've never seen anyone actually punished for HIPAA violations and my data have been involved in several hospital and insurance breaches.
There's not even a test for HIPAA compliance, so you can't legally prove you were ever compliant in the first place, other than you did what you thought was right. People love to use the term "HIPAA-compliant" but it's technically not a thing.
From my understanding, HIPAA mostly just says that you need to have policies in place for various things, such as rotating passwords or encrypting data, but it doesn't go into explicit detail about what all must be IN those policies, or how you enforce them.