Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I don’t understand how those services always claim to be „HIPAA compliant“ and yet they do this kind of stuff. Can anybody enlighten me?


Not all of the various silos within evilCorp structure knows what the others are doing, if even the groups within the same silos know what is going on.


It's inexcusable, honestly. These are the kind of decisions that not only need department head approval but also CTO approval. If the CTO didn't see it coming, they failed.

HIPAA isn't some random cert you have to satisfy a single big customer. It needs to be a priority and all business decisions have to be made around it. GDPR is another one.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: