Hacker News new | past | comments | ask | show | jobs | submit login

I think you must be talking about HIPPA compliance, not SOX?

Anyhow, I think the right to privacy is also not absolute. If I'm in public and someone takes a photo, I can't stop that. I also can't force people not to look at me when I'm out in public, or stop them from saying they saw me on the street. Their rights to go about their business in public and their right to free speech are not trumped by my right to privacy.

Medical privacy is different, of course, but that's just another example of my point. In narrow circumstances, certain people (e.g., doctors, hospital staff) can be punished for violating your privacy about certain topics. But there are plenty of exceptions to that. The first hit on my search for "HIPPA exceptions" lists at least 10 reasonable exceptions, including public health and law enforcement: https://www.healthcarecompliancepros.com/blog/exceptions-to-...

In case it isn't clear, I think this is a fine example of balancing societal trade-offs.


Data protection is a huge latent cost in the dispensation of healthcare that goes unnoticed in discussions. And HIPAA can get expensive for the providers.

  If you are a small covered entity, HIPAA should cost:
    Risk Analysis and Management Plan ~$2,000
    Remediation ~ $1,000 - $8,000
    Training and policy development ~ $1,000-2,000
    Total: $4,000 - $12,000

  If you are a medium/large covered entity, HIPAA should cost:
    Onsite audit ~ $40,000+
    Risk Analysis and Management Plan ~ $20,000+
    Vulnerability scans ~ $800
    Penetration testing ~ $5,000+
    Remediation ~ Varies based on where entity stands in compliance 
    and security
    Training and policy development ~ $5,000+
    Total: $50,000+, depending on the entity’s current environment

Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact