05.12.06
Incompetence vs. HIPAA
Wow. There are so many good lessons to be learned from theĀ Hungry, Hungry HIPAA post over at the DailyWTF, an often hilarious site that posts, um, implementation flaws. Some lessons immediately come to mind:
- control and physical location of the data matters (physical entities must be part of the model).
- too much aggregation of user data makes for big mistakes
- access controlsĀ need to protect against incompetence of administrators as well as malicious intent
I've done a variety of things in my career, but always seem to
return to issues of identity and technology. Most of what's written
here will be about such things. I work for Novell, but this is my
personal blog. The views expressed on here are mine alone and do not
necessarily represent the position of my employer.