Before the rise of the Internet, traditional media like magazines and newspapers got the majority of their revenue from advertising. It's nice when people pay money to subscribe but it wasn't enough then. It's probably not enough now.
Before the internet, we still had to pay for newspaper subscriptions, and their revenues were supplemented by advertising.
The advertising will continue. The subscriptions are only meant to define the audience demographics. Lots of print media companies actually limit their audiences to only marketable demographics, especially magazines. Magazines often say they're oversubscribed if they don't hit certain demographic profiles, so their advertisers aren't being wasted. For example, if a bunch of poor college males were subscribing to Vogue, it doesn't help their advertisers. And those subscriptions costs a ton of money in mailings, so they tighten their audience to be core advertiser friendly.
Amazon's BAA allows you to use only approved services [1] to process, store, and transmit ePHI. The list isn't very long, it's currently just 10 AWS services, and it doesn't include some basic ones like SQS. RDS with PostgreSQL was just added to that list this week (Aurora was also added, which is neat because now that it has a PostgreSQL front-end, I have two reasons to play with it).
So I suppose this means storing data in Postgres RDS is HIPAA compliant now by default?
I am not an expert in this, but I do have to sit through a day of training every year for this.
You should probably be doing a bunch of other things to be HIPAA compliant in AWS, it's not just a box you check off.
In the past you could be HIPAA compliant and use Postgresql RDS by signing a business associate agreement and doing things like using dedicated instances in their own VPC.
So I suppose this means storing data in Postgres RDS is HIPAA compliant now by default?
At a minimum, you'd still have to sign that BAA with them. I mention that not for you, but for anyone else at home thinking "oh, I can deploy RDS/PostgreSQL and be OK with HIPAA without doing anything else!" That's (still) not the case.
In logic terms, this certification is necessary but not sufficient. It's not sufficient by itself, but it is a hard requirement because RDS hasn't been covered under their BAA up until the last day or so. That is, it wasn't covered the last time I checked, maybe a week ago, but it is now today. This was confirmed by our AWS tech reps when we recently talked to them: they absolutely did not HIPAA certify PostgreSQL the last time we asked about it. And oh, how I promise you we talked about it.
In the past you could be HIPAA compliant and use Postgresql RDS by signing a business associate agreement and doing things like using dedicated instances in their own VPC.
Citation needed. We were told multiple time by our reps and solution architect that RDS+PostgreSQL was not certified in any way. The only AWS options we had for HIPAA PostgreSQL were 1) hosting our own instance (that is, not using RDS in any way, just plain old EC2) or 2) paying a third party for managed PostgreSQL hosting.
I have read that unreinforced concrete structures can stand for thousands of years, which you confirm just by noting some Roman structures still standing.
You can build much higher and bigger with reinforced concrete, but they will only be up for at most many decades, because steel always rusts.
I recently listened to a podcast where Jeremy Scahill (the author of the book Dirty Wars) claims Saudi Arabia has been belligerently bombing Yemen to show unruly groups inside of Saudi Arabia that they have the ability to bomb people too.
