Full Disclosure mailing list archives

Re: Undisclosed breach at major US facility


From: Valdis.Kletnieks () vt edu
Date: Tue, 04 Jul 2006 10:22:46 -0400

On Mon, 03 Jul 2006 20:38:04 EDT, Stack Smasher said:
> To my knowledge, no one has ever been convicted or fined for HIPAA
> violations EVER. Don't waste your time; at this point you risk being
> arrested and blamed for this finding rather than commended for finding it.

Only because the wheels of justice turn slowly.  HIPAA is a fairly new
law, and unlike a murder, where it's usually a pretty quick thing to detect
the crime, a HIPAA violation can lie there for a LONG time until somebody
raises a complaint.  Then it's usually a civil matter, so you end up with
a long discovery period and getting it to trial.  I predict in the next
12-18 months we'll start seeing cases come up.

Three other things to note:

1) Most of the people whose records have HIPAA issues don't understand
HIPAA, and as a result won't make a HIPAA case out of it.  If Joe Mechanic's
records are leaked, he (a) doesn't know it happened and (b) doesn't know
what to do about it.

2) Most HIPAA issues result in civil cases, not criminal - and civil
cases can be (and often are) settled out of court with no court record
generated.

3) HIPAA only covers certain classes of providers (hospitals, doctors,
insurance companies, and some related areas), and the 'software vendor' is
quite probably not covered.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
