|
|
|
|
|
|
by labcomputer
1519 days ago
|
|
|
One difference is that HIPAA has a bunch of statutory penalties for "technical violations" that might or might not harm anyone. For example, if a call center staff discloses patient information to, say, the child or parent of a patient, that comes with an automatic fine and (potentially) jail time. Another aspect is that certain HIPAA allowances for data usage require a lawyer's expertise, not an engineer's. For example, can a health insurer use patient data to train a model w/o first obtaining patient consent? If the model will be used for "healthcare operations" (i.e., adjudicating claims), you might argue that the answer is yes. If the same model will be used for suggesting treatment options to doctors, you might argue that the answer is no. If you answer wrongly, you are hit with a statutory fine. It's like having a fine for painting the bridge the wrong color because there is a law that bridges must be green, but you used lime. Not because you're worried about the bridge collapsing, but because the law says so. Generally, civil engineers don't need to worry about fines or jail as long as things stay up. |
|
|