HIPAA is almost the perfect example of pg's schlep blindness thesis. (See article of same name.)
Is it annoying? Yes. Does it add cost and complexity? Yes. Are any of the requirements of dubious to nil security value in many cases? Yes. (+)
But HIPAA is not a barrier like "create a meaningful application from nothing" or "successfully navigate an enterprise sales purchasing process" is a barrier. After you've got a handle on what it asks you to do it is really anticlimactic.
+ I am required to have a document which explicitly states that I will discipline myself most severely for misuse of patient information. No joke.
Is it annoying? Yes. Does it add cost and complexity? Yes. Are any of the requirements of dubious to nil security value in many cases? Yes. (+)
But HIPAA is not a barrier like "create a meaningful application from nothing" or "successfully navigate an enterprise sales purchasing process" is a barrier. After you've got a handle on what it asks you to do it is really anticlimactic.
+ I am required to have a document which explicitly states that I will discipline myself most severely for misuse of patient information. No joke.