Ask HN: How bad is this survey's security? I am a participant in a longitudinal study. Periodically I am asked to answer questions in an online survey that:
The login credentials are:
But it gets worse: you can login to a partially completed survey and information previously entered has been saved.I know this is terrible from a vanilla compsec standpoint; but isn't this information covered by HIPAA? What can I tell this organization to get them to understand the severity of this? |