On Mon, 03 Jul 2006 20:38:04 EDT, Stack Smasher said:

> To my knowledge, no one has ever been convicted or fined for HIPAA
> violations EVER. Don't waste your time, at this point you risk being
> arrested and blamed for this finding rather than commended for finding it.

Only because the wheels of justice turn slowly. HIPAA is a fairly new law, and unlike a murder where it's usually a pretty quick thing to detect the crime, a HIPAA violation can lie there for a LONG time until somebody raises a complaint. Then it's usually a civil matter, so you end up with a long discovery period and getting it to trial.

I predict in the next 12-18 months, we'll start seeing cases come up.

Three other things to note:

1) Most of the people whose records have HIPAA issues don't understand HIPAA, and as a result won't make a HIPAA case out of it. If Joe Mechanic's records are leaked, he (a) doesn't know it happened and (b) doesn't know what to do about it.

2) Most HIPAA issues result in civil cases, not criminal - and civil cases can be (and often are) settled out of court with no court record generated.

3) HIPAA only covers certain classes of providers (hospitals, doctors, insurance companies, and some related areas), and the 'software vendor' is quite probably not covered.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/