by Bartweiss 2448 days ago
There seems to be a widespread misconception that any information covered by HIPAA is always covered, when the reality is that it's only protected health information by covered entities. There also seems to be a lot of confusion about what's a violation: as far as I know only covered entities can be liable, not people they wrongly pass information on to.

Now, if a covered medical software company accidentally let a build with accessible PHI go to Microsoft, I guess it's possible they could be HIPAA liable. But that's a pretty narrow case, and not one that's a threat to Microsoft.

1 comments

> not one that's a threat to Microsoft

Until the medical software company sues Microsoft for damages to recoup the HIPAA fine. This is probably buried in some clickwrap contract though. (IANAL; not sure how enforceable such a contract would be)