[tptacek]

Yeah, if that's what you mean, this just isn't expensive. If you do a lot of consulting for HIPAA companies, you get HIPAA-trained a bunch (ie: you fast-forward through a lot of videos with an HTML5 video playback speed hack). They're not a big deal; maybe a hundred or two per seat?

It's not my impression that HIPAA is one of the more burdensome regs regimes, and this comment sort of reinforces that belief.

[AnthonyMouse]

I feel kind of the opposite. Like the way "compliance" works in corporations is everyone has to sit through a boring training video so they can check the box that says "trained staff on regulatory compliance" when the real cost is not just watching the video but actually diligently putting it into practice. Which is pretty cheap for the companies who skip doing that part, admittedly, but if that's expected to be the method of "compliance" then what's the point of the law?