this post was submitted on 21 May 2024
419 points (97.7% liked)

Technology

58975 readers
4146 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] -1 points 5 months ago (3 children)

You should read up on penalties for HIPAA violations, they don’t fuck around.

[–] [email protected] 8 points 5 months ago

You're right they don't, but only for covered entities which MS is not in any shape or form

It's just like when Grindr or whatever leaked people's STD status, they nor MS are a medical provider or "covered business entity"

HIPAA is an ok privacy law, but it is not the all supreme health privacy law you think it is

[–] [email protected] 4 points 5 months ago

You should read up on anyone even coming close to being beholden to those penalties, because they absolutely do fuck around when its corporations.

[–] [email protected] 12 points 5 months ago

I'm aware of them.

Let's look at some of the most historic:

  • NY Presbyterian Hospital - with no real efforts on their end to prevent the violation of thousands of records, they got a whopping fine of.... Under $5 million.
  • AHC - lack of risk analysis, failures in procedures and policies, etc - Just over $5 million.
  • Data breaches - usually around $4-5mil, the worst case being Anthem, about 80 million people effected - $16 million in fines. A record.

Criminal offenses? Yeah, plenty of those - with individuals, usually related to that information then being used for other purposes (scams, theft, etc).

But a company like Microsoft, you're going to have a hard time convincing me it's going to ruin the company. The history of HIPAA violations and their fines tell a very different story.