2

I'm new as a software dev and I was assigned to implement some changes to an application. When I asked my colleague I was told it didn't exist a test version and said it had to be uploaded to the real application. Hearing this I was eager to see the changes I had made in the application. Because of this, i had to grant myself access to the application and the ability to view personal info and not once did it struck me that I was going viewing a real person. All I was thinking was to see my code in production. I didn't even glance at the data. I'm used to working on mockup data and only care about the changes I do to the software.

Note that I had to access what I used to think was a mockup person otherwise I wouldn't be able to see the changes I had made.

Did I breach HIPAA? What consequences may I face? I'm going to report this accident to my boss but this got me thinking.

This struck my mind sometime after I did the changes.

Navi
  • 116
  • 2
  • 10
Kndler
  • 21
  • 1
  • 3
    Is this a heath care application containing patient data? I think you're correct, going to your boss to find out if you have a reporting process to follow is the correct approach. And ask him to approve settting up a test environment with mock data while you're at it. – Xander Feb 23 '18 at 18:27
  • There's no agency out there looking to "bust you" so don't worry about consequences. – dandavis Feb 23 '18 at 20:13
  • 1
    This might be a better question for Law.SE or Workplace.SE. – forest Feb 24 '18 at 04:29
  • One of the many, many, many (many) reasons test environments are important. As an aside, aren't you in a position to suggest a test environment is set-up off the back of this conversation? That's the difference between a dev that'll make a difference and gain respect and a dev that just goes through the motions. –  Feb 24 '18 at 11:26

0 Answers0