Hacker News new | past | comments | ask | show | jobs | submit login

Disclaimer: I am not a lawyer, certainly not your lawyer.

Are there any contracts between any of the parties: you, your employer, the software company - that might require you to provide or disclose any information?

Does HIPAA apply? Did you view any protected patient info?

If I were you, I would not post further publicly until after you consult with a local attorney who understands both the potential HIPAA issues and your personal exposure regarding your employer.

Best case - the software company fixes the issue, thanks you publicly, deals appropriately with whoever signed off on the metamorphosi code, encourages your employer to give you a raise, a promotion, a 4 week vacation somewhere pleasant, a personal zeppelin to commute in, and a pet unicorn.

Worst case - the software company portrays you as a hacker (in the worst connotation), accuses you and your employer of industrial espionage and violation of patient privacy, sues you and them for significant damages, encourages the Feds to look into the situation, and your career in programming takes a very messy turn into legal limbo for a few years. No unicorn, either.

tl;dr: Stop posting details. Get legal advice. Great catch. Good luck.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: