Incompetence vs. HIPAA

Wow. There are so many good lessons to be learned from theĀ Hungry, Hungry HIPAA post over at the DailyWTF, an often hilarious site that posts, um, implementation flaws. Some lessons immediately come to mind:

  • control and physical location of the data matters (physical entities must be part of the model).
  • too much aggregation of user data makes for big mistakes
  • access controlsĀ need to protect against incompetence of administrators as well as malicious intent

Leave a Reply

Your email address will not be published. Required fields are marked *