This was my first exposure to a professional development job, but for medical transcription (we had a billing dept too). I wasn't even hired to do it (I was hired as help desk staff), but the application neeeeded updating and the 2013 HIPAA omnibus had just dropped so we were on the line to get in compliance and no one else was stepping up. I had to learn as I went. Decade-old, undocumented code written in old .NET and (some) Java 6.
No version control, running on Win2000/XP, ancient beige box hardware (some with turbo buttons).
I was 19 and making $9 an hour. I got fired for automating my help desk tasks so I could bring us up to date.
Yeah...as someone who works on HIPAA compliant software, this sounds very scary to me. We carry a $1M insurance policy at all times. Did you sign a business associate agreement?
Not just jail, you are also now personally liable. Meaning your personal assets are on the table for a lawsuit (at least according to Stanford’s HIPAA training).
You won’t go to jail if you do nothing wrong, but legal fees. Ugh, yeah, you’ll be in court as a witness and possibly defendant if you don’t leave ASAP.
Well that would be the OCR. It’s doubtful they would waste a lot of resources going after a developer, unless they really thought he had done something. Usually they go after leadership.
Not a lawyer, but I think intent is a big piece. That said, if you ever feel pressured to do something that you know, or even think, might "not be quite right", diplomatically argue your point and get things in writing. Even an email thread between you and a manager is good. The idea is this: if the fecal matter hits the oscillator and auditors come in, you want evidence that you were doing what you were told, despite your protests.
Unless your boss tells you to do something so egregious that after the fact it will look like you're stealing or committing fraud, you'll be fine.
If your boss says "Hey download all of the PHI for these celebrities to a flash drive and load it on your computer at home" you should definitely say no or get it in writing.
But if your boss says "hey I need a copy of George's medical records, e-mail them to me" as an individual you won't get in any personal liability for it.
I'm finding myself hoping that this is a fake, because I wouldn't wish this situation on anyone at all.