by giantg2 1519 days ago
I believe you can even be personally liable for HIPPA security violations as a user or dev of a healthcare system. That seems a bit scary. I agree that regulation persuades people not to do things out of fear of breaking the law. We see this in its intentional form with regulation of other things such as abortion, guns, etc. Put so many laws in place that risk of accidentally breaking one and receiving an extensive punishment isn't worth it.

> I believe you can even be personally liable for HIPPA security violations as a user or dev of a healthcare system.

Welcome to being an engineer, if that's what you want to call yourself. The engineer who approves a bridge design can be held liable if it collapses due to a design fault.

One difference is that HIPAA has a bunch of statutory penalties for "technical violations" that might or might not harm anyone. For example, if a call center staff discloses patient information to, say, the child or parent of a patient, that comes with an automatic fine and (potentially) jail time.

Another aspect is that certain HIPAA allowances for data usage require a lawyer's expertise, not an engineer's. For example, can a health insurer use patient data to train a model w/o first obtaining patient consent? If the model will be used for "healthcare operations" (i.e., adjudicating claims), you might argue that the answer is yes. If the same model will be used for suggesting treatment options to doctors, you might argue that the answer is no. If you answer wrongly, you are hit with a statutory fine.

It's like having a fine for painting the bridge the wrong color because there is a law that bridges must be green, but you used lime. Not because you're worried about the bridge collapsing, but because the law says so.

Generally, civil engineers don't need to worry about fines or jail as long as things stay up.

Generally the firm's insurance will cover an engineer since they are a "professional". Software "engineers" generally have not been individually liable for bugs. Usually the software user agreements don't allow for this sort of thing.

Basically, contracts can control the liability in most cases, but HIPPA prevents that by explicitly defining liability under the statute.

Here's some info on the engineer portion.

https://www.nspe.org/resources/professional-liability/liabil...

Lots of better paid gigs with better working conditions where you aren't personally legally liable if you write a bug. I don't especially care about what job title some board thinks I'm allowed to use.

Yep. I believe that's really the core of the article - overhead like regulation and liability on top of working conditions have people looking to other professions.

> HIPPA

*HIPAA