
I’ve worked in healthcare tech and this is pretty bad. You get fined per patient record and it’s not cheap. You also get put on a “wall of shame” where anyone who might do business with you in the future can look and see. You can also be held personally liable if you mess up. It’s really intense.

At my old job we didn’t even allow PII to pass through our API so we couldn’t accidentally log it, and kept all of it in its own VPS totally isolated from the rest of our system. When we needed a record we’d put it into an S3 bucket and hand back a temp link that only the caller could access (and that expired within a short period of time). Total pain, but you could sleep at night.
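The caller-bound, expiring link pattern described above, as an added Python example that is not the commenter's code: it assumes an HMAC-signed token checked by a hypothetical records endpoint (`records.example.invalid`) standing in for an S3 presigned URL, which does the same job with AWS's own signature. The secret, record ids and caller ids are constructed sample values.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed example secret; in a real deployment this comes from a secrets manager.
SECRET = b"constructed-example-secret-rotate-me"
SIG_LEN = hashlib.sha256().digest_size


def issue_link(record_id: str, caller_id: str, ttl_seconds: int = 60,
               now: Optional[int] = None) -> str:
    """Mint a short-lived link bound to one record and one caller identity."""
    now = int(time.time()) if now is None else now
    claims = {"r": record_id, "c": caller_id, "exp": now + ttl_seconds}
    payload = json.dumps(claims, separators=(",", ":"), sort_keys=True).encode()
    sig = hmac.new(SECRET, payload, hashlib.sha256).digest()
    token = base64.urlsafe_b64encode(payload + sig).decode()
    # Hypothetical endpoint; only the token carries meaning.
    return f"https://records.example.invalid/fetch?t={token}"


def verify_link(url: str, caller_id: str, now: Optional[int] = None) -> Optional[str]:
    """Return the record id if the token is intact, unexpired and presented by the
    caller it was issued to; otherwise None (tampered, expired, or wrong caller)."""
    now = int(time.time()) if now is None else now
    try:
        token = url.split("?t=", 1)[1]
        raw = base64.urlsafe_b64decode(token.encode())
    except (IndexError, ValueError):
        return None
    if len(raw) <= SIG_LEN:
        return None
    payload, sig = raw[:-SIG_LEN], raw[-SIG_LEN:]
    expected = hmac.new(SECRET, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):   # constant-time check of the MAC
        return None
    claims = json.loads(payload)
    if claims["exp"] < now or claims["c"] != caller_id:
        return None
    return claims["r"]
```

The expiry and caller binding live inside the signed payload, so neither can be edited without invalidating the MAC; a leaked link is useless to anyone else and stops working after the TTL.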


