logoalt Hacker News

nradovtoday at 2:31 AM1 replyview on HN

While it doesn't apply in this particular case, for healthcare organizations the HIPAA privacy rule implies a legal responsibility to lock out terminated employees from any access to protected health information.


Replies

vel0citytoday at 2:42 AM

That doesn't absolve an employee (or ex-employee) of the covered entity going about and abusing the access they do have.