[HN Gopher] Why do shared hospital rooms not violate HIPAA?
___________________________________________________________________
Why do shared hospital rooms not violate HIPAA?
Author : oatmeal1
Score : 112 points
Date : 2023-08-30 21:15 UTC (1 hours ago)
(HTM) web link (law.stackexchange.com)
(TXT) w3m dump (law.stackexchange.com)
| ceejayoz wrote:
| This is why "code is law" as a crypto meme was a little silly.
| Law is often intentionally flexible!
| ajsnigrutin wrote:
| Meh, just one more if() needs to be added :)
| [deleted]
| Quekid5 wrote:
| I think you can drop the "often". Law _must_ almost by
| definition be flexible because there are so many things in life
| that aren 't as simple 'yes' or 'no'.
| talldatethrow wrote:
| Car dealership customers are always worried about their data. And
| rightfully so.
|
| The typical car salesman has 15 credit applications in his desk,
| 5 in his car in some folders he forgot about, 1 in the trash can
| he accidentally crinkled up instead of putting in the shred box.
| The managers office is even worse. The finance guys office is
| even worse. The 'business office' is half decent because the
| GM/owner is up there often.
|
| On a side note, my friend subleased an office from a medical
| nurse temp agency/employment agency.
|
| When he arrived (I helped him move in), there were thousands of
| unsecured files with people's socials and all info needed to get
| a job in file cabinets.
|
| The office had cleaning service every night from a random
| cleaning company.
| dahwolf wrote:
| Because that would be unreasonable and impractical.
|
| Next question please.
| [deleted]
| fardo wrote:
| The second comment feels closer to the mark. While post-hoc
| justifications could be made as to why a rule at least in spirit
| seemingly about patient privacy ignores an obvious and glaring
| privacy flaw, if the parties involved could be so honest, the
| real-world answer why it's allowed would probably be
|
| > "It would be extraordinarily inconvenient and expensive for it
| to work otherwise."
|
| Sprinkle on a little bureaucrat-ese and post-hoc justification
| and you get the "clarified guidance" the primary comment calls
| out
| tptacek wrote:
| It's about the confidentiality of electronic medical records,
| not about patient privacy.
| fardo wrote:
| If we're discussing
|
| > What is the motivation behind keeping medical records
| confidential, why do we actually care?
|
| A respect for the patient's privacy is likely going to be one
| of the driving reasons, if not the primary reason itself.
| tptacek wrote:
| No, that's not the actual reason! The reason the rule
| exists is because, when HIPAA was passed, electronic
| patient health records were a new thing, and they were
| desired both for cost savings (electronic records as a way
| to drive administration costs down were a huge thing in the
| 1990s) and so the USG could combat Medicare fraud. The
| confidentiality rule was designed to ease the acceptance of
| electronic records; that's all. That's why the rule refers
| to e-PHI.
| fardo wrote:
| You're correct regarding historical procedure, but with
| regards to the privacy rule, which was added shortly
| after its creation and at least online is much of why the
| act is known and discussed today, the rule exists to,
| quoting the government's description,
|
| > The Rule requires appropriate safeguards to protect the
| privacy of protected health information and sets limits
| and conditions on the uses and disclosures that may be
| made of such information without an individual's
| authorization.
|
| We allow a major hole here in that protected health
| information by willfully careful readings of "appropriate
| safeguards" and "limits and conditions", essentially
| because doing otherwise would be a nightmarish expense
| and pain.
| [deleted]
| pierat wrote:
| Speaking of that, hospitals still use tons of POCSAG (pagers) and
| splatter medical everything over those. Course it's illegal to
| listen due to a bullshit 1987 law... but trivial to do so with a
| RTL-SDR.
|
| One idea my nefarious side had was to get the med records of
| individuals and get the address's house cost, and send scary
| calls/text/messages shaking relatives down with scare-calls.
|
| Obviously I wouldn't do that. But it would be trivial to do.
|
| (Long story short, pager infrastructure needs destroyed.)
| paxys wrote:
| It is legal because you are agreeing to it. Otherwise get up and
| leave.
| ceejayoz wrote:
| You can't agree to OHSA violations, or to a sub-minimum wage. A
| hospital conditioning treatment on a HIPAA waiver having been
| signed will quickly find itself the subject of regulatory
| scrutiny.
|
| I went to war with a doctors' office that claimed their non-
| compete clause meant I couldn't transfer my medical records to
| a doctor who'd left the practice I wanted to follow.
| paxys wrote:
| A paper that says "I agree to a sub minimum wage" is illegal.
|
| One that says "I agree to share my medical info with XYZ" is
| not. Every hospital already makes you sign this when you are
| admitted, otherwise they wouldn't be able to function.
| ceejayoz wrote:
| Such a _voluntary_ waiver is legal, yes.
|
| Refusing to treat you if you want to keep your rights, less
| so.
|
| The thing they have you sign is an agreement that you
| received a notice of their privacy practices (laying out
| your HIPAA rights). It isn't a waiver.
|
| Hospitals don't need a waiver to operate. HIPAA already
| permits them to share internally, with billers, etc.
| robbiep wrote:
| That a doctors office can have a non-compete boggles the mind
| jonas21 wrote:
| I assume the non-compete agreement was between the doctor
| and the practice, which seems somewhat reasonable.
| [deleted]
| ceejayoz wrote:
| Yes. They took the position that their non-compete (and
| our general "we agree to clinic practices") with their
| doc took precedence over our HIPAA rights, which NY...
| disabused them of.
| ShakataGaNai wrote:
| Because health privacy is not ALWAYS HIPAA. In fact, it's almost
| never HIPAA... except for the fact that some Karen's learned the
| term HIPAA and now they think it's always HIPAA [1].
|
| Unless it's digital health record-related, then it's probably
| HIPAA.
|
| If you're really curious, you can read HIPAA [2] and HITECH [3].
| Combined, they are about 600 pages of dense dense legalese.
|
| [1] https://www.hipaajournal.com/is-it-a-hipaa-violation-to-
| ask-... [2]
| https://www.govinfo.gov/content/pkg/PLAW-104publ191/pdf/PLAW...
| [3]
| https://www.govinfo.gov/content/pkg/PLAW-111publ5/pdf/PLAW-1...
| lolinder wrote:
| > some Karen's
|
| As an aside: I wish this meme would die.
|
| > For the same reason, the Karen meme divides white women
| themselves. On one side are those who register its sexist uses,
| who feel the familiar tang of misogyny. Women are too loud, too
| demanding, too entitled. Others push aside those echoes,
| reasoning that if Black women want a word to describe their
| experience of racism, they should be allowed to have it.
| Hanging over white women's decision on which way to jump is a
| classic finger trap, familiar to anyone who has confronted a
| sexist joke, only to be told that they don't have a sense of
| humor. What is more Karen than complaining about being called
| "Karen"? There is a strong incentive to be cool about other
| women being Karened, lest you be Karened yourself.
|
| https://www.theatlantic.com/international/archive/2020/08/ka...
| owenmarshall wrote:
| One of the easiest questions to ask of someone who shouts
| "HIPPO violation!" is "covered entity or business associate?"
|
| "Yes, Dunkin Donuts can give you a free donut if you show your
| Covid vaccination card. No, the donut shop is not a covered
| entity or a business associate, so they aren't bound by HARPO."
| kstrauser wrote:
| From https://www.hipaajournal.com/what-does-hipaa-cover/
|
| > The HIPAA Privacy Rule applies to all forms of health
| information, including paper records, films, and electronic
| health information - even spoken information.
|
| HIPAA is not as limited as you state.
| dekhn wrote:
| but it only applies to covered entities and business
| associates.
| kstrauser wrote:
| True. That covers the hospital rooms in this article. It
| doesn't mean that your barber can't ask to see your
| vaccination card.
| vidanay wrote:
| Why do the paper thin walls between exam rooms at my doctor's
| office that allow me to hear entire conversations while I am
| waiting (and waiting) not violate HIPAA?
| supertrope wrote:
| Clinics that deal with the most sensitive medical needs tend to
| be more careful. HIV testing, reproductive health, psychiatry,
| hospice.
| burnte wrote:
| Reasonable precautions. I've been top IT management in
| healthcare for 8 years, I'm very well versed with this concept.
| HIPAA isn't "PHI is Eyes Only Secret!" it's "you have to take
| reasonable precautions to safeguard data from bad actors." I
| have a wall between the rooms, each room has doors, and when
| the doc is talking with you, you can't hear a lot from the next
| room over. We don't have to make walls soundproof and doors
| sealing airlocks.
| amelius wrote:
| Because by walking into the hospital, you already gave away the
| info to any bystander. And all variations thereof.
| ceejayoz wrote:
| If you're coming in for a disembowlement, sure, but even then
| you're only really revealing the condition; your name, history,
| insurance details etc. are still private information. (The
| hospital would also still be forbidden from, say, publishing
| "amelius came in today with with a minor disembowlement"
| without your permission, no matter how public it was in the
| waiting room.)
| Quekid5 wrote:
| In the waiting room they usually don't shout out "Geoff,
| who's here for the cock wart, the doctor will see you now"...
| they just say "Geoff, the doctor will see you now."
|
| Btw, my name's not Geoff.
|
| (Just to be a bit more plain.)
| macksd wrote:
| The top comment here is very reasonable, but I still think the
| application of HIPAA has been a giant mess, reflecting a disdain
| toward patients similar to everything else in the US healthcare
| system.
|
| I've ranted on here plenty about how often I've dealt with
| incorrect bills, and HIPAA plays into that as well. My private
| information can be shared to "traveling doctors", it can be
| shared with woefully incompetent contractors who handle billing
| (or, pretend to), and I received a notice last year that my
| information had been involved in a data breach and I'm not
| expecting any compensation. When I had to get a very private and
| sensitive part of my body imaged, they'll gladly announce to the
| waiting room my name and what procedure I'm there for, even
| though it's a rather private and sensitive part of my body - very
| similar to the shared room concern. I don't care that the people
| in that room aren't likely to misuse my healthcare information, I
| don't want them knowing where I found a lump anyway.
|
| And yet HIPAA is often cited to me over the phone as the reason
| why we can't seem to get incorrect bills figured out for my
| dependents. It doesn't seem to me that HIPAA actually does much
| to protect my privacy, but it sure gets used to obfuscate things
| when there's a problem.
| jancsika wrote:
| > And yet HIPAA is often cited to me over the phone as the
| reason why we can't seem to get incorrect bills figured out for
| my dependents.
|
| That's actually a great reason to refrain from discussing
| someone else's medical data with you. That it is inconvenient
| for you is certainly bad, but that is a non sequitur.
|
| > It doesn't seem to me that HIPAA actually does much to
| protect my privacy, but it sure gets used to obfuscate things
| when there's a problem.
|
| If we allowed Bill Handler, Inc. try their hand at securely
| implementing "for the purposes of this call, pretend I'm
| someone else," you're going to have TWO_PROBLEMS *
| NO_OF_DEPENDENTS
| [deleted]
| motohagiography wrote:
| Agreed, the individual records are not specifically secret. The
| regulations are to prevent unauthorized disclosure and misuse.
|
| Unfortunatly that leaves a _lot_ of leeway. The major EMR
| vendors are all aggregating patient data in cloud services and
| taking it across borders to where there is no transparency for
| what is being done with it. The regulations were written with a
| 90 's understanding of technology.
|
| A more appropriate regulation today would be to create a
| category of legally privileged PHI that is strictly
| inadmissable in legal proceedings and with heavy fines for
| unauthorized use and disclosure. However, I don't see privacy
| legislation getting any better as the people inside govt and
| academia absolutely hate privacy as a concept because they are
| the specific targets of limiting their discretion about whose
| data they can snoop. We're in an era of institutional capture
| by people without ideals or principles, and it's probably
| unwise to expect altruistic public interest policy like
| 90's-style privacy legislation from any of them anytime soon.
| jliptzin wrote:
| I once went to the dermatologist, the doctor left the room
| briefly and had the computer screen open with everyone's full
| name and reason for the visit that day...could see who was
| there for genital warts, Botox, etc. I don't think anyone
| should expect that their health info remains private at any
| point
| catchnear4321 wrote:
| two seconds to clear the screen. a few dollars for a privacy
| shield.
|
| your doctor was more than a little careless and, knowingly or
| not, relied on you to not cross any lines.
|
| if that's not concerning to you, fantastic... but for some
| reason you didn't name the doctor, perhaps because you know
| others disagree. nor did you name the patients.
|
| huh.
|
| guess your doctor made a safe assumption about you. who else
| saw the warts list that day?
| DoreenMichele wrote:
| What your doctor did is actually a HIPAA violation. He's a
| covered entity and securing computer screens is a standard
| precaution for such.
|
| In reality, a lot of doctor's offices are not well versed in
| HIPAA because many are de facto small businesses. Large
| hospitals and insurance companies generally have better
| knowledge of HIPAA and HIPAA compliance.
| meetingthrower wrote:
| Had an emergency room visit for a somewhat bloody mishap with
| my son (he's ok.) The resident texted the on call surgeon
| pictures of the problem from his personal phone to determine if
| the surgeon should come in for a surgery. The pictures I saw on
| his phone of other patients as he set up the text were a
| hellscape of blood and gore!
| 1-6 wrote:
| I have a domain name that's similar to a medical facility.
| Sensitive medical data gets emailed to the wrong recipient all
| the time and it's usually operator error.
| _jal wrote:
| Ditto, only my domain is unfortunately similar to a major (non-
| us) airline.
|
| The tarmac reports can be oddly entertaining sometimes. I still
| wonder how an alcohol bottle became embedded in a runway a few
| years back.
| RajT88 wrote:
| I used to work for a company which made EHR systems, and there
| was one product which distributed client software updates via
| email. As in, they would attach an *.msi file and send it.
|
| It was a weird conversation, where we both ended up looking at
| each other like the other one was a total moron.
| [deleted]
| vasco wrote:
| My name and domain is similar to a huge transportation company
| so I frequently get quotes for big jobs, plus times and dates
| for large truck shipments.
| dylan604 wrote:
| This might be advantageous if you are also receiving
| inventory for these shipments if you're the type to make that
| information available to interested parties
| anonu wrote:
| HIPAA is sort of a joke to me. My perspective being that of a
| patient. Any doctor's office just blindly asks you sign a HIPAA
| authorization release form. Most patients don't realize that you
| have a choice to "opt out" and not sign it. But even then it
| doesn't matter because under HIPAA the provider may still choose
| to share your personal information for their own reasons.
|
| Sure, I am doing a lot of "hand waving"- I'm not an expert on the
| law. I'm merely sharing my perspective on this. Would love to
| understand more about this specific authorization...
| appleflaxen wrote:
| > Any doctor's office just blindly asks you sign a HIPAA
| authorization release form.
|
| You are incorrect. You are being asked to acknowledge that you
| received a copy of their privacy policies. You can decline and
| it doesn't change very much (if anything), because they will
| still document that they informed you of them... which they
| did.
|
| It's understandable that people don't read what they're
| signing; I often don't have time, either. But you are posting
| _about_ that form having not paid much attention to it, which
| is less common, in my experience.
| ceejayoz wrote:
| > Any doctor's office just blindly asks you sign a HIPAA
| authorization release form.
|
| I've never been asked to waive my rights. I have been asked to
| sign that I received their notice of privacy practices. (Almost
| always having not been actually given any to read, which is
| fairly infuriating.)
|
| > But even then it doesn't matter because under HIPAA the
| provider may still choose to share your personal information
| for their own reasons.
|
| Only in certain specific situations.
| kemotep wrote:
| Any HIPAA authorization form I have signed has had me spell out
| who is allowed to have access to my records, like my wife or
| another Doctor's office. Did you read what you signed?
| dangle1 wrote:
| HIPAA was never meant to prevent direct communication between
| clinicians regarding a shared patient's healthcare needs and
| issues in order to provide the best and safest care possible.
| [deleted]
| swayvil wrote:
| My friend spent the night in the hospital recently, for
| observation.
|
| She didn't sleep a wink. With all the beeping and alarms and
| periodic checks and procedures. Mostly involving her roommate.
|
| The next morning she was mentally and physically wrecked. the
| first thing she told the nurse was, "I want to go home so I can
| get some sleep.
|
| The nurse laughs and replies, "I hear that all the time. Nobody
| ever sleeps here".
|
| Now that's messed up. Sleep is the great healer. No sleep is the
| great destroyer. Is this intentional or institutional insanity or
| what?
|
| I mean why don't they just put strychnine in the water supply
| while they're at it?
| morkalork wrote:
| Likewise, l hospitals serve food portioned nutritionally for a
| healthy adult when people who are sick or healing from injury
| may very well need more calories and protein to fuel their
| bodies healing.
| bigmattystyles wrote:
| Ricky Gervais had a line that stuck with me back on the podcast
| with Steve Merchant and Karl Pilkington - `How do people sleep
| in hospital? They'll wake you up to give a sleeping pill`
| ceejayoz wrote:
| The beeping and alarms and periodic checks and procedures are
| there to prevent worse things than a night's worth of lost
| sleep.
| swayvil wrote:
| Yeah I get the obvious theory. But it's like putting a
| tourniquet around your neck to stop a nosebleed.
| tekla wrote:
| No its not. One bad night of sleep won't kill you. You are
| more than welcome to reject an overnight stay.
| tekla wrote:
| An overnight stay is for observation not comfort. The hospital
| wants to gather as many metrics as possible to keep you alive,
| respond ASAP to issues and dis-chargable to free up room for
| other sick patients. not give you a hotel bed.
| swayvil wrote:
| Go to the hospital healthy, come out sick.
|
| I don't have a medical degree or anything but that's crazy.
|
| (Also, the nurse said _nobody_ sleeps here. Not just the
| people under observation.)
| tekla wrote:
| > Go to the hospital healthy, come out sick.
|
| This isn't whats happening. Being sleep deprived for a day
| is annoying, but hardly a health issue. I bet most people
| would rather have doctors respond to you suddenly dropping
| blood O2 levels to under 90% than not.
|
| > (Also, the nurse said nobody sleeps here. Not just the
| people under observation.)
|
| Yes, nobody sleeps because nurses and doctors are all
| working >14 hour shifts with on-call rotations trying to
| keep people ALIVE. I have many medical professionals in my
| family, all of them are rest deprived, trying to keep track
| of the myriad of patients all demanding personal constant
| attention.
| watwut wrote:
| > I have many medical professionals in my family, all of
| them are rest deprived, trying to keep track of the
| myriad of patients all demanding personal constant
| attention.
|
| That is not exactly defense of medical system. If it
| keeps workers sleep deprived they will make mistakes.
| This just means system itself sux.
| swayvil wrote:
| Actually, sleep deprivation, even for one night, is
| definitely a health issue. And the only reason it's
| accepted is because it's so common. It's the modern
| equivalent of drinking out of lead cups.
|
| (And of course a sleep-deprived medical professional is a
| health hazard to everybody involved. Only a fool thinks
| otherwise.)
| emerongi wrote:
| Sleep deprivation is not as dangerous as dying from an
| acute condition. If you're in the hospital for one night,
| you're being treated by doctors who want to make sure
| you're not going to die for the night. If you get
| admitted for a longer period, it's a different
| environment altogether. At least this has been my
| experience.
|
| You get used to the beeping after one night anyway. If
| not, you can ask the nurse for earplugs or even sleeping
| pills (although sleeping pills are harder to get).
| tekla wrote:
| Then leave. They're not forcing you to stay. Generally no
| one puts you on observation unless you need it, and by
| "need it", it means "needs to be disturbed to take tests"
|
| If you think sleep is a higher health factor than the
| reasons that the hospital want to put you under
| observation, then just refuse treatment.
|
| If you don't want to be disturbed by patients in the same
| room, you can pay for that.
| [deleted]
| lifeisstillgood wrote:
| my favourite part of the "reasonable precautions" explanation is
| the possibility that if you are a known PHI leaker, the hospital
| might have to segregate you - (or even be able to refuse
| treatment)
|
| weird
| tptacek wrote:
| It's easier to make sense of when you remember the original
| purpose of HIPAA, which was cost control and portability (that's
| what the 'p' stands for!).
|
| The confidentiality rules in HIPAA are part of (IIRC, I think,
| etc?) the "Administrative Simplification" section, which was
| about standardizing electronic health care records and making
| them available to the government for combating Medicare fraud.
| The law wasn't a sweeping medical privacy bill; it added privacy
| rules to mitigate concerns people had about centralizing medical
| records as part of its major purpose.
| armchairhacker wrote:
| How does HIPAA compare to FERPA?
|
| My understanding is that FERPA is similar to HIPAA, except for
| college scores and enrollment information instead of medical
| records.
|
| But there's a rule in FERPA where you explicitly can't leave a
| stack of exams and let students pick them, because it exposes
| students to others' scores. Another rule is that you can't
| associate a students exam with their student ID even if it's a
| sequence of numbers, because the id is public information, but
| you wouldn't expect someone to remember someone else's id.
|
| (I specifically remember some professors not following the exam
| rule, probably because they didn't know or perhaps it didn't
| exist yet. I don't know if anything happened to them but I
| suspect if anything, they were simply asked to not do that in the
| future.)
| vasco wrote:
| I recently learnt on HN that some countries don't publish
| grades to ALL students at once and still can't think why. It's
| such an amazing gift to be able to see how much everyone got
| and the academic competition in its most pure form, while
| removing some awkwardness of getting results of your work (good
| or bad) early in your life.
|
| People are too focused on hiding results because someone might
| feel bad.
| armchairhacker wrote:
| Most classes. publish grade distributions, so you know if you
| were in the top or bottom 10%. Or at least the mean, median,
| highest, and lowest.
|
| But you don't get the grades of individuals.
| kube-system wrote:
| While things like FERPA broadly protect most student
| information in the US, it doesn't exist so that people don't
| feel bad about their test scores. It limits schools and their
| staff to using student data for legitimate academic purposes
| and prohibits other uses that could be bad. That data goes
| beyond just test scores and could be things related to the
| students health, social life, behavior, etc. This kind of
| data doesn't need to shared with anyone that doesn't need to
| know it.
| andrewguy9 wrote:
| Because that would be expensive.
| [deleted]
| dtnewman wrote:
| From the HHS.gov website:
|
| The Privacy Rule permits certain incidental uses and disclosures
| that occur as a by-product of another permissible or required use
| or disclosure, as long as the covered entity has applied
| reasonable safeguards and implemented the minimum necessary
| standard, where applicable, with respect to the primary use or
| disclosure. See 45 CFR 164.502(a)(1)(iii). An incidental use or
| disclosure is a secondary use or disclosure that cannot
| reasonably be prevented, is limited in nature, and that occurs as
| a result of another use or disclosure that is permitted by the
| Rule. However, an incidental use or disclosure is not permitted
| if it is a by-product of an underlying use or disclosure which
| violates the Privacy Rule.
| bigmattystyles wrote:
| I mean, they usually have a little curtain - I suppose that
| counts as reasonable.
| [deleted]
| mzs wrote:
| guidance to the question itself: https://www.hhs.gov/hipaa/for-
| professionals/faq/197/must-fac...
| buildsjets wrote:
| The P in HIPAA stands for Portability, not Privacy. The primary
| purpose of HIPAA is not to prevent the sharing of confidential
| patient data, it is to ENABLE the sharing of confidential patient
| data with anyone who has the right to see it. The issue is the
| number of entities who claim that they have right to see the
| data, and the lack of a mechanism for the individual to prevent
| their information from being shared.
|
| Should Facebook have a right to access your health data? Your
| opinion does not matter, they wanted it, and they got it. What
| about the US Department of Transportation? They maintain the
| right to access the electronic medical records of any person who
| falls under their regulation, such as pilots and truck drivers.
| They have been know to go on fishing expeditions trolling through
| medical records in search of violations. Search for Operation
| Safe Pilot. I know several people who have either avoided medical
| treatment because of this issue, or obtained treatment in a
| foreign country.
| deathanatos wrote:
| I work in healthcare; these views are my own, and IANAL.
|
| > _The P in HIPAA stands for Portability, not Privacy._
|
| ... sure, that P stands for that. But one of the key sections
| is literally called the Privacy Rule: "The HIPAA Privacy Rule
| establishes national standards to protect individuals' medical
| records and other individually identifiable health information"
|
| > _Should Facebook have a right to access your health data?
| Your opinion does not matter, they wanted it, and they got it._
|
| No. Wantonly sharing PHI with Facebook would almost certainly
| be a violation of HIPAA ... and literally, it's already
| happened, this year even[1]: "The office warned that entities
| covered by HIPAA aren't allowed to wantonly disclose HIPAA-
| protected data to vendors or use tracking technology"
| ("Vendors" here included Facebook and the like.) 1
|
| Now, HIPAA only applies to covered entities. In the context of
| the OP however, a hospital is a covered entity. Whether
| eavesdropping is permissible is a good question.
|
| [1]: https://www.politico.com/news/2023/04/17/health-industry-
| dat...
|
| 1I think regulatory agencies across the board have been giving
| pittances for fines, and these are no exception. There's a real
| question as to whether enforcement is actually _meaningful_ ,
| but that's separate question from whether there is a _right_.
| tptacek wrote:
| It's only "key" in the sense that it's the part technologists
| and people building PHI-encumbered products have to care
| about. It's not a key section in the bill itself; in fact, I
| don't even think it's a key part of the _section_ of the bill
| it 's in (which, I think, is about Medicare fraud).
| deathanatos wrote:
| Okay ... sure. "Key" if you're like me, and working in
| healthtech, I suppose, as it's one of the sections they
| repeatedly try to cram into your head in the mandatory
| training sessions. (...and for good reason.) In the
| intersection of Facebook and PHI.
___________________________________________________________________
(page generated 2023-08-30 23:01 UTC)