by throwawayboise 1519 days ago
> I believe you can even be personally liable for HIPAA security violations as a user or dev of a healthcare system.

Welcome to being an engineer, if that's what you want to call yourself. The engineer who approves a bridge design can be held liable if it collapses due to a design fault.

3 comments

One difference is that HIPAA has a bunch of statutory penalties for "technical violations" that might or might not harm anyone. For example, if a call center staff discloses patient information to, say, the child or parent of a patient, that comes with an automatic fine and (potentially) jail time.

Another aspect is that certain HIPAA allowances for data usage require a lawyer's expertise, not an engineer's. For example, can a health insurer use patient data to train a model w/o first obtaining patient consent? If the model will be used for "healthcare operations" (i.e., adjudicating claims), you might argue that the answer is yes. If the same model will be used for suggesting treatment options to doctors, you might argue that the answer is no. If you answer wrongly, you are hit with a statutory fine.

It's like having a fine for painting the bridge the wrong color because there is a law that bridges must be green, but you used lime. Not because you're worried about the bridge collapsing, but because the law says so.

Generally, civil engineers don't need to worry about fines or jail as long as things stay up.

Generally the firm's insurance will cover an engineer since they are a "professional". Software "engineers" generally have not been individually liable for bugs. Usually the software user agreements don't allow for this sort of thing.

Basically, contracts can control the liability in most cases, but HIPAA prevents that by explicitly defining liability under the statute.

Here's some info on the engineer portion.

https://www.nspe.org/resources/professional-liability/liabil...

Lots of better paid gigs with better working conditions where you aren't personally legally liable if you write a bug. I don't especially care about what job title some board thinks I'm allowed to use.

Yep. I believe that's really the core of the article - overhead like regulation and liability on top of working conditions have people looking to other professions.