by PerfectElement
3448 days ago
If they are a Covered Entity or a Business Associate then they should definitely comply with HIPAA[1]. Even though I don't remember if the Security Rule specifically covers this stupid scenario, I think they would be found in violation if audited. They clearly have not performed a risk analysis, which by itself is a violation.

[1] https://privacyruleandresearch.nih.gov/pr_06.asp