by berdario 1894 days ago
I'm not aware of how things work in the US, but...

Surely if you are only handling Names and DOB you don't have to be HIPAA compliant?

I mean, if you have to be HIPAA compliant (your application is medical-adjacent and/or is also handling other bits of data besides Name and DOB), then by correlating the DOB (or name) with the rest of the data, health information could be leaked, and thus you want to protect Name+DOB with the HIPAA standards (even just the fact that a certain name uses a certain app/is inside a certain system might be sensitive).

But otherwise... almost every system under the sun is ingesting name+DOB.

(there's a case to be made that the system described in the post is a medical app... but again: different jurisdiction)

1 comment

Yeah I think it only really matters if you are trying to be HIPAA compliant, like you said, because you’re also dealing with other health information about people.