Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

HIPAA applies to healthcare professionals and providers, not ad tech companies. And race and citizenship are not personal health-related data.


That's not actually true. It applies to health care data. If you're a software engineer making a system that includes HIPAA-protected data, you can face individual criminal liabilities for mishandling the data.


No, not really. If you are not a covered healthcare entity, or a business association of a covered healthcare entity, the law simply does not apply to you at all.

Also, I believe (but am not certain) that if there was any criminal case, it would be leadership (C*O) not individual software engineers who would be charged. This is speculation on my part, if anybody has clear facts I'm happy to hear them.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: