They do have HIPAA. That doesn’t mean their IT departments configured Windows correctly. Especially if it’s a government facility that’s required by law to accept the lowest bid from a third-party IT provider.
I work in municipal government, and our third-party IT is absolutely terrible. They can’t manage to set up an email address or image a computer without inventing 19 new ways to fuck it up. They’ve called me for help with my coworkers’ computers. If I worked in tech, that wouldn’t be so bad, but I work in the planning department.
Technical issues are irrelevant. If Microsoft is caught acting on this data, then they are in a lot of legal trouble. As far as I know, HIPAA doesn’t have exceptions for unintentional data leakage from inept admins.
They do have HIPAA. That doesn’t mean their IT departments configured Windows correctly. Especially if it’s a government facility that’s required by law to accept the lowest bid from a third-party IT provider.
I work in municipal government, and our third-party IT is absolutely terrible. They can’t manage to set up an email address or image a computer without inventing 19 new ways to fuck it up. They’ve called me for help with my coworkers’ computers. If I worked in tech, that wouldn’t be so bad, but I work in the planning department.
Technical issues are irrelevant. If Microsoft is caught acting on this data, then they are in a lot of legal trouble. As far as I know, HIPAA doesn’t have exceptions for unintentional data leakage from inept admins.