This seems like a five alarm fire for HIPPA, is there something I’m missing?

Spooky23 · 2025-08-20T01:26:32 1755653192

It’s a bug. He reported it, they fixed it.

It is not a five alarm fire for HIPAA. HIPAA doesn’t require that all file access be logged at all. HIPAA also doesn’t require that a CVE be created for each defect in a product.

End of the day, it’s a hand-wavy, “look at me” security blog. Don’t get too crazy.

waffleiron · 2025-08-20T03:23:37 1755660217

I am more on the privacy side of things like HIPAA, but I would like to link the following.

https://www.hhs.gov/sites/default/files/january-2017-cyber-n...

Spooky23 · 2025-08-20T19:41:41 1755718901

There’s discretion in reasonable and appropriate.

Biggest thing is to have plan and policy. I’d agree in general that more audit is better.

loeg · 2025-08-20T01:10:14 1755652214

It's HIPAA.

adzm · 2025-08-20T01:15:03 1755652503

The HIPAA hippo certainly encourages this confusion

ivewonyoung · 2025-08-20T01:16:09 1755652569

It's HIPPA now for all intensive purposes.

FergusArgyll · 2025-08-20T11:08:16 1755688096

For all intents and purposes