[api]

Wizards? It's an e-commerce web site. This is baby stuff, even at scale.

[d23]

No it isn't. You're talking about interfacing with hundreds of existing insurance systems. It would be a nightmare.

[smokinjoe]

PCI Compliance can be a nightmare.

I don't even want to imagine HIPAA compliance for something of this magnitude.

[erichocean]

It's not HIPPA compliant. Really, did you think the government follows its own rules? Get real.

[smokinjoe]

I guess you can call me naive.

..and slightly ignorant regarding this HIPAA kerfuffle that popped up. I did some quick [hilarious] research that resulted in an issue where commented copy was being used as an indicator that there was to be no sense of privacy on the website.

source: http://www.politifact.com/truth-o-meter/statements/2013/oct/...

I'm not entirely sure that's what you're referencing or whether you're just bein' a smart aleck, but I had some fun reading up on the story. I also learned that the website healthcare.gov doesn't necessarily need as much HIPAA compliance as I had initially anticipated. To enroll, the only 'medical' type data you need to include is whether you are a smoker or not - I thought there would be much more sensitive information right off the bat.