Utter the acronym HIPAA to people in the medical profession and you will get a variety of facial responses, none of which have been, in my experience, a smile of contentment. Indeed, HIPAA’s privacy and security rules are often grumbled about as being burdensome and restrictive. The rules are increasingly criticized as ineffective these days and people are asking: How can an entity be HIPAA compliant and still suffer a breach of protected health information? By Stephen Cobb, Senior Security Researcher, ESET
