You're right. They obviously would be compelled to take the time necessary to read EVERY SINGLE POST to vet each one.
That makes a LOT of sense.
I am a forum moderator elsewhere, but I never really thought that you have to be one in order to understand how the process works. I'm obviously wrong on that account too.
I'll repeat my challenge. Next time you see a gender politics thread, give it a whirl. Do a few anon posts, do a few signed in. Try taking a position that agrees. Try taking a position that disagrees. See what stays and what's left./. deletes posts. The neat thing is that you don't have to take my word for it. You can find out.
>And every single one of them has comments that include the term, "SJW".
Amazing, you figured out that not ALL posts are deleted.
>posts don't make the cut.
It is not/. stated policy to delete posts that don't meet with your approval. That's what moderation is for. There is not "cut" to make.
"I can't help but think that part of the problem is that the scientist is Dr. Phil Mason, aka thunderf00t"
It's an open secret that post-deletion is rampant on/. now. I wish I could, like some imbecile just told me in another thread, call it a "conspiracy." But I've seen people complain and I had it happen to my own posts.
If a submission has anything to do with anything or anyone that portrays certain Favored Topics in a negative light, you bet your ass it's never going to get the green light.
Unless you're just being goofy, I want you to stop and think.
I mean really THINK.
Is it possible to verify this? If you THINK about it, you'll realize the answer is yes -- you can verify it.
Next time you see a gender politics thread, give it a whirl. Do a few anon posts, do a few signed in. Try taking a position that agrees. Try taking a position that disagrees. See what stays and what's left.
All you need to understand is that/. will often NOT remove spam or troll posts like this, but WILL remove posts that use the three-letter acronym for 'ess jay doubleyew' in gender-related topics like women in STEM.
>While HIPPA has good parts and bad parts, one of the things it is routinely used for is to provide "privacy" >as an excuse for anything a healthcare organization doesn't feel like talking about, in the same way that >"privileged" or "classified" is used by governments.
Nooooooo no no no no no no no.
You can complain to HHS if a covered entity denies you information about your own records or billing. With literal million dollar fines being handed out for violations, this is no longer a "thing." It was in the year 2000 when a lot of uncertainty existed. The hospital where the woman worked would get their ass kicked over this, including fines for not having an adequate training program, fines for failing to provide information to the patient, fines for not having an adequate compliance program... HIPAA authorizes disclosures for Treatment, Payment, or health care Operations.
Correct for any crop. Remember, that's a SCOTUS decision and this is an agency decision. The most recent commerce decision relating to a crop was Gonzalez. You might like reading it, BTW, it's a marijuana decision. Anything that "could" move in interstate commerce IS interstate commerce.
But in that case, too, it MATTERS WHO DOES OR COULD MAKE THE MONEY. Just like in our 'youtube gets the ad revenue, not the drone pilot' debate here.
It's low hanging fruit to get a new source of (penalty/fine) revenue, going after Youtube uploaders. Meanwhile, people like my friend operate a nice $$$ weekend business doing drone-based aerial photography (he tells me it's not all surveying; maybe it's voyeurism, who knows, but one thing's for sure -- the FAA has not and will never hear of him).
So you're engaging in commercial activity right now, and I am too? We're both posting on Slashdot, after all.
>Once you start arguing that it's not the operator making money, you open a slippery slope
The whole "standard" you've invented out of whole cloth here? Yeah. Not part of the commerce clause. This IS the exact argument: who makes the money. If it could be anyone in the world tangentially related to the person providing the content, then your viewing a billboard while driving would be interstate commerce. (After all, you said in your "standard" that it's not who makes the money).
Sorry man, the thing is, he wants/. to be like it was and not how it is now, which is like reddit, with movie quotes and in-jokes. Don't be too hard on the old timers. I get that we need to evolve and talk about Pokeyman and make references to '10 era teen comedies or whatever but we have a hard time with that:-/
Back in 2006 Slashdot ran a CSS redesign contest. Slashdot users overwhelmingly preferred Peter Lada's redesign: http://web.archive.org/web/201...
Slashdot, in contravention, picked a mobile-ready, stripped down design that left a lot to be desired.
Then the beta fiasco with the Dice purchase happened in 2014, IIRC. It was presented in a VERY confrontational 'fuck you' way: get ready to have this shoved down your throat for the sake of pointless redesign. Needless to say, they gave users an option for a while and then they appeared to drop the issue.
But change HAS to happen at SOME point, because you NEED to utterly derail what works, right? In order to avoid a hue and cry, Slashdot will be making unannounced incremental changes like this. Why? Because fuck the slashdot community, that's why.
Nearly everything you've stated is false and contradicts the plain wording of the statute. You're actually giving out "legal opinions"?
>The information shared is "personal information" not "medical information"
Please review the elements of IIHI at Section 164.514(b)(2)(i) and that IIHI is a subset of PHI at Section 160.103(1) and (2).
> HIPAA doesn't apply to the government anyway
Then why does IHS have to comply? Why does the NIH bother with it at all when they interface with non-government organizations?
>And, unless it's changed since the last time I looked, the "p" had been enforced, but never the "a"
Portability and not accountability? You haven't even looked at the enforcement actions taken by the OCR, then.
> People have been fined for not releasing information, but never fined for releasing too much to the wrong people.
You literally don't know what you're talking about. I'm honestly terrified for your clients (if you actually have any).
> even when it explicitly says "this should not be construed to mean that encryption is required"
The law doesn't say that, nor anything even remotely close, and you have drastically misunderstood the addressability standard, and furthermore, see Section 164.312, Technical safeguards which will rest assured contradict what you've said.
If you ever really had clients, you did them not only a disservice, you've left yourself open to have your ass sued off (and I'm not even talking about HIPAA at that point, but gross negligence.)
See my earlier comments, but this is most definitely false.
The issue is that HHS boxed themselves in by the way they defined business associates and medical information. This is not a case of "HIPAA only applies to providers like hospitals" (which was the case prior to 2009). Giving even a name to an insurance company after facilitating shopping for medical insurance qualifies the entity or party as a business associate, and that data -- even though it's not "I have a cold" or whatever -- is still legally defined as medical data. (See section 160.103 for more on this.)
HIPAA absolutely, 100% applies. As I point out elsewhere, the issue is what happens when HHS says "well, we wrote it for the little people, not for US."
That may be, but by the very black and white wording of the law itself, the site is acting in a business associate capacity on behalf of health insurance companies. Despite what is being reported -- "HHS says it isn't covered uhcuz it doesn't wanna be" -- it is, indeed, covered by HIPAA.
I have been quoting section references to you in an earlier reply but it might be better if you read a summary: http://www.hhs.gov/ocr/privacy...
The problem for the website is that by HHS definitions, it is handling PHI (remember Section. 160.103 here) and is acting in a business associate capacity (this is also, coincidentally, covered at Section 160.103) and is therefore covered by HIPAA, period, over and done.
As for what happens when they pull the "well, we don't feel like it" card at HHS, I have no idea.
Check Section 164.514(b)(2)(i) for the identifiers. Remember, IIHI is literally defined as a "subset" of PHI (see Section 160.103). That means disclosing, say, a name alone is a breach of HIPAA in a healthcare context (and shopping for medical insurance is, and it is very much covered by HIPAA).
Data doesn't need to be medical in nature, it needs to be related to healthcare. Your personal data qualifies in this context, I can absolutely assure you.
Changed in 2009 with compliance date of Sept 2014, to be even more technically correct. Bottom line, though, HIPAA applies. We seem to agree on that important point. I feel like filing a complaint with HHS about HHS.
They'll follow this course of action now -- subtle stuff.
Back in 2006 they ran a CSS redesign contest. Slashdot users overwhelmingly preferred Peter Lada's redesign: http://web.archive.org/web/201...
They picked a mobile-ready, stripped down design that left a lot to be desired. Then the beta fiasco with the Dice purchase ("fuck you, get ready to have this shoved down your throat for the sake of pointless redesign" ).
To avoid a hue and cry, they'll be making unannounced changes like this. Why? Because fuck the slashdot community, that's why.
I stand by the many findings outlined on Schneier's blog. The huge preponderance of evidence points to an insider. There is a LOT more in play than the USB speeds, but you want to take up one point I cited and rest all of your rebuttals on it? Just that ONE?
But _you_ told _me_ to "think" before replying. [sigh]
I think his point is that there is no possible way that Iraq could have made NEW chemical weapons at any point after victory was declared in May 2003 (end to major combat operations, etc).
You and I know that those chemical weapons were known about because they were cataloged and not moved after Gulf War I in the 90's. You and I know that chlorine wasn't a "WMD" that the Bush administration referred to. You and I know those things. But a sizable block of the general public has simply been fooled into thinking that whatever is found NOW in Iraq is proof positive that Saddam was developing WMDs (the Bush admin meant Uranium-fulled weapons like nukes) in 2002.
Next he'll tell us that Saddam flew those planes into the buildings himself and parachuted out at the last minute.
Slashdot Mirror
>where big % of community signed out of social media for various valid reasons.
EXACTLY and it amazes most if not all of us that Dice could fundamentally misunderstand the user base so badly.
I can just imagine the discussions -- hey let's buy Slashdot, it's Facebook for tech nerds!
[Throws up hands]
You're right. They obviously would be compelled to take the time necessary to read EVERY SINGLE POST to vet each one.
That makes a LOT of sense.
I am a forum moderator elsewhere, but I never really thought that you have to be one in order to understand how the process works. I'm obviously wrong on that account too.
Allows them? Sure. Has this turned into fucking Reddit?
Did I have to literally specify the percentage they leave standing and the percentage deleted?
I'll repeat my challenge. Next time you see a gender politics thread, give it a whirl. Do a few anon posts, do a few signed in. Try taking a position that agrees. Try taking a position that disagrees. See what stays and what's left. /. deletes posts. The neat thing is that you don't have to take my word for it. You can find out.
>And every single one of them has comments that include the term, "SJW".
Amazing, you figured out that not ALL posts are deleted.
>posts don't make the cut.
It is not /. stated policy to delete posts that don't meet with your approval. That's what moderation is for. There is not "cut" to make.
"I can't help but think that part of the problem is that the scientist is Dr. Phil Mason, aka thunderf00t"
It's an open secret that post-deletion is rampant on /. now. I wish I could, like some imbecile just told me in another thread, call it a "conspiracy." But I've seen people complain and I had it happen to my own posts.
If a submission has anything to do with anything or anyone that portrays certain Favored Topics in a negative light, you bet your ass it's never going to get the green light.
Unless you're just being goofy, I want you to stop and think.
I mean really THINK.
Is it possible to verify this? If you THINK about it, you'll realize the answer is yes -- you can verify it.
Next time you see a gender politics thread, give it a whirl. Do a few anon posts, do a few signed in. Try taking a position that agrees. Try taking a position that disagrees. See what stays and what's left.
All you need to understand is that /. will often NOT remove spam or troll posts like this, but WILL remove posts that use the three-letter acronym for 'ess jay doubleyew' in gender-related topics like women in STEM.
Speaks volumes about the /. leadership.
>While HIPPA has good parts and bad parts, one of the things it is routinely used for is to provide "privacy"
>as an excuse for anything a healthcare organization doesn't feel like talking about, in the same way that
>"privileged" or "classified" is used by governments.
Nooooooo no no no no no no no.
You can complain to HHS if a covered entity denies you information about your own records or billing.
With literal million dollar fines being handed out for violations, this is no longer a "thing." It was in the year 2000 when a lot of uncertainty existed. The hospital where the woman worked would get their ass kicked over this, including fines for not having an adequate training program, fines for failing to provide information to the patient, fines for not having an adequate compliance program... HIPAA authorizes disclosures for Treatment, Payment, or health care Operations.
http://www.hhs.gov/ocr/privacy...
Source: am a HIPAA auditor
Your statement may be confusing to some people.
http://collectionagencydebt.bl...
The answer is most certainly not "zero."
Correct for any crop. Remember, that's a SCOTUS decision and this is an agency decision. The most recent commerce decision relating to a crop was Gonzalez. You might like reading it, BTW, it's a marijuana decision. Anything that "could" move in interstate commerce IS interstate commerce.
But in that case, too, it MATTERS WHO DOES OR COULD MAKE THE MONEY. Just like in our 'youtube gets the ad revenue, not the drone pilot' debate here.
Your move.
It's low hanging fruit to get a new source of (penalty/fine) revenue, going after Youtube uploaders. Meanwhile, people like my friend operate a nice $$$ weekend business doing drone-based aerial photography (he tells me it's not all surveying; maybe it's voyeurism, who knows, but one thing's for sure -- the FAA has not and will never hear of him).
So you're engaging in commercial activity right now, and I am too? We're both posting on Slashdot, after all.
>Once you start arguing that it's not the operator making money, you open a slippery slope
The whole "standard" you've invented out of whole cloth here? Yeah. Not part of the commerce clause. This IS the exact argument: who makes the money. If it could be anyone in the world tangentially related to the person providing the content, then your viewing a billboard while driving would be interstate commerce. (After all, you said in your "standard" that it's not who makes the money).
Sorry man, the thing is, he wants /. to be like it was and not how it is now, which is like reddit, with movie quotes and in-jokes. Don't be too hard on the old timers. I get that we need to evolve and talk about Pokeyman and make references to '10 era teen comedies or whatever but we have a hard time with that :-/
Back in 2006 Slashdot ran a CSS redesign contest. Slashdot users overwhelmingly preferred Peter Lada's redesign:
http://web.archive.org/web/201...
Slashdot, in contravention, picked a mobile-ready, stripped down design that left a lot to be desired.
Then the beta fiasco with the Dice purchase happened in 2014, IIRC. It was presented in a VERY confrontational 'fuck you' way: get ready to have this shoved down your throat for the sake of pointless redesign. Needless to say, they gave users an option for a while and then they appeared to drop the issue.
But change HAS to happen at SOME point, because you NEED to utterly derail what works, right? In order to avoid a hue and cry, Slashdot will be making unannounced incremental changes like this. Why? Because fuck the slashdot community, that's why.
Nearly everything you've stated is false and contradicts the plain wording of the statute. You're actually giving out "legal opinions"?
>The information shared is "personal information" not "medical information"
Please review the elements of IIHI at Section 164.514(b)(2)(i) and that IIHI is a subset of PHI at Section 160.103(1) and (2).
> HIPAA doesn't apply to the government anyway
Then why does IHS have to comply? Why does the NIH bother with it at all when they interface with non-government organizations?
>And, unless it's changed since the last time I looked, the "p" had been enforced, but never the "a"
Portability and not accountability? You haven't even looked at the enforcement actions taken by the OCR, then.
> People have been fined for not releasing information, but never fined for releasing too much to the wrong people.
You literally don't know what you're talking about. I'm honestly terrified for your clients (if you actually have any).
> even when it explicitly says "this should not be construed to mean that encryption is required"
The law doesn't say that, nor anything even remotely close, and you have drastically misunderstood the addressability standard, and furthermore, see Section 164.312, Technical safeguards which will rest assured contradict what you've said.
If you ever really had clients, you did them not only a disservice, you've left yourself open to have your ass sued off (and I'm not even talking about HIPAA at that point, but gross negligence.)
See my earlier comments, but this is most definitely false.
The issue is that HHS boxed themselves in by the way they defined business associates and medical information. This is not a case of "HIPAA only applies to providers like hospitals" (which was the case prior to 2009). Giving even a name to an insurance company after facilitating shopping for medical insurance qualifies the entity or party as a business associate, and that data -- even though it's not "I have a cold" or whatever -- is still legally defined as medical data. (See section 160.103 for more on this.)
HIPAA absolutely, 100% applies. As I point out elsewhere, the issue is what happens when HHS says "well, we wrote it for the little people, not for US."
That may be, but by the very black and white wording of the law itself, the site is acting in a business associate capacity on behalf of health insurance companies.
Despite what is being reported -- "HHS says it isn't covered uhcuz it doesn't wanna be" -- it is, indeed, covered by HIPAA.
I have been quoting section references to you in an earlier reply but it might be better if you read a summary:
http://www.hhs.gov/ocr/privacy...
The problem for the website is that by HHS definitions, it is handling PHI (remember Section. 160.103 here) and is acting in a business associate capacity (this is also, coincidentally, covered at Section 160.103) and is therefore covered by HIPAA, period, over and done.
As for what happens when they pull the "well, we don't feel like it" card at HHS, I have no idea.
Check Section 164.514(b)(2)(i) for the identifiers. Remember, IIHI is literally defined as a "subset" of PHI (see Section 160.103). That means disclosing, say, a name alone is a breach of HIPAA in a healthcare context (and shopping for medical insurance is, and it is very much covered by HIPAA).
Data doesn't need to be medical in nature, it needs to be related to healthcare. Your personal data qualifies in this context, I can absolutely assure you.
Changed in 2009 with compliance date of Sept 2014, to be even more technically correct. Bottom line, though, HIPAA applies. We seem to agree on that important point. I feel like filing a complaint with HHS about HHS.
"only "covered entities" have to comply with HIPAA privacy regulations and, guess what? The government is not a covered entity."
Hi, HIPAA guy here. This is most assuredly incorrect. Popular misconception though.
Per HHS' own rules, the site operates as a Business Associate and is fully covered by HIPAA.
http://www.hhs.gov/ocr/privacy...
They'll follow this course of action now -- subtle stuff.
Back in 2006 they ran a CSS redesign contest. Slashdot users overwhelmingly preferred Peter Lada's redesign:
http://web.archive.org/web/201...
They picked a mobile-ready, stripped down design that left a lot to be desired. Then the beta fiasco with the Dice purchase ("fuck you, get ready to have this shoved down your throat for the sake of pointless redesign" ).
To avoid a hue and cry, they'll be making unannounced changes like this. Why? Because fuck the slashdot community, that's why.
Hell even more joy.
https://www.schneier.com/blog/...
http://www.foodnetwork.com/rec...!
I stand by the many findings outlined on Schneier's blog. The huge preponderance of evidence points to an insider. There is a LOT more in play than the USB speeds, but you want to take up one point I cited and rest all of your rebuttals on it? Just that ONE?
But _you_ told _me_ to "think" before replying. [sigh]
As you will not, for whatever reason, Google the terms, here's the link.
https://www.schneier.com/blog/...
Read it, or don't and continue to debate me on one example I quoted. Knock yourself out, deep thinker.
Network speeds if it's over the network.
USB speed if it's USB, and you're SITTING THERE AND DOING IT LOCALLY. And then you take the copied data away. Because you'd be an insider.
Are you getting it yet? No?
Okay. And if you reached the machine over the network and it had a USB drive attached? It would be network speeds because it's...
[audience in unison]
OVER! THE! NETWORK!
I think his point is that there is no possible way that Iraq could have made NEW chemical weapons at any point after victory was declared in May 2003 (end to major combat operations, etc).
You and I know that those chemical weapons were known about because they were cataloged and not moved after Gulf War I in the 90's. You and I know that chlorine wasn't a "WMD" that the Bush administration referred to. You and I know those things. But a sizable block of the general public has simply been fooled into thinking that whatever is found NOW in Iraq is proof positive that Saddam was developing WMDs (the Bush admin meant Uranium-fulled weapons like nukes) in 2002.
Next he'll tell us that Saddam flew those planes into the buildings himself and parachuted out at the last minute.