[electric_mayhem]

Come on now.

Can’t? Really?

Maaaybe it’s against some law or privacy policy or mandatory annual training.

But do you honestly believe companies follow laws and policies if they think they can get away with not?

And even if you can ignore that corporations are regularly -publicly- wrist-slapped for failings in those areas and still believe they are virtuous, privacy-respecting, law-abiding entities (rofl) … are you ready to argue that no executive or other employee ever, (knowingly or unknowingly) uses data to run a calculation or check a theory against published policy?

The only thing that surprises me about the above scenarios is there’s a human alive who would believe their improbabl3a let alone, as “can’t” would imply, impossible.

[dymk]

I don't think you've worked in the medical industry, or you'd know just how big of a deal HIPAA is.

[Judgmentality]

I've never worked in the medical industry but I know many people who have, who basically told me HIPAA violations are extremely common and only enforced for a fraction of violations that actually occur. My ex used to work in medical insurance (for a very, very big company) and estimated that maybe 3% of HIPAA violations are actually enforced. I used to think HIPAA was a huge deal until she told me story after story of violations that were ignored.

I think HIPAA is the sort of thing where if you hear about it then it's taken seriously, but the overwhelming number of violations are just ignored and you never hear about them. I'd like to be wrong but unfortunately that's the information I've been fed by people more knowledgeable than me.