That and Batman had that Kryptonite ring....
So HIPAA *SHOULD* apply to you *IF* you have to keep the medical record of the people you treat or transport. Likely you do not keep the record but provide it to the hospital, so would be fine (that or shred it when returning to the barn / fire house). In that case, the "mini security rule" part of the Privacy rules would be all that applies to you.
At least that was the case when I was doing HIPAA (moved on to other things, while I still know it, focus on ISO, RFM, PCI, SOX, etc. now).
My comment was in reference to PWC trying to tell a company that did not touch cards at all, that they needed to be PCI and HIPAA compliant "Due to HR potentially having Medical data in employees files"...
I have worked with QSAs from 5 different organizations, including one that became an ISA for the company I worked at. None of them could agree what the PCI rules meant, much less how to meet them. Only one of them I would trust to do my review, but even then, my company told us to "Only answer what he asks, with short phrases, so he does not find issues"..... HELLO, they are there to help you prevent issues or protect you in the case of a breach (Hello, how was Target compliant with AV that was from 2007 and had been EOL for over three years?).
Sorry, I digress..... Compliance is important, but only when applied correctly. Security is even more important than compliance... but Compliance is NOT Security..... Never will be.
Working in Security, and being a former HIPAA Security officer, I hear that "excuse" all the time by people, especially outside auditors like PWC (They should know this shit right). They also try to push PCI on companies that do not process credit cards.
Sony could have that information, as part of FMLA requires you have that data, also some states (though mostly a company issue to cover their bases) require medical notes if you miss three or more days of work, as "proof" you were sick. While for the doctor it's HIPAA, for work it's PII. This is to protect the company if you were to sue.
Potentially they would have it due to work related accidents, limited work requirements (such as someone with lifting restrictions), actor/actress requests, etc.
Just my two cents
First off that breakdown is what YOU AND I would pay for the parts, not what Apple paid. Second, not everything in the iPod was developed by Apple, more so in the original iPods. In the iPod touches, they used the iPhone chips for years, that did not require more engineering (as it was 90% of an iPhone). Over time, your cost goes down when you're not making 100% new things, just making updates or swapping out chips.
My point, which people forget, is that Apple has a lower cost margin than what others do, and therefore makes more money per device.
That money does pay for costs in the devices, OS they designed, etc. Regardless, they are making more than 30% on the iPod. The first rev of the hardware and software cost more than the next generations. Or do you assume that the iPod classic they sold for almost 10 years never made them more money on the "updated versions"... How often did that OS get updates? The Hard Drive cost to Apple would have gone down over that time period, but those reductions were not passed on to the consumer. The Zune sure did not have a 30% profit minimum for Microsoft.
My statement was about the music. Apple has NEVER disclosed their contract with BMG, not once. (If you can prove otherwise, I will retract my statement). From my working in the Music industry for many years, I can tell you that BMG does not get 70 cents per dollar on songs. Radio stations paid a flat fee to BMG for a year, normally around 25k for Country Music (this was in 2000). They made money (on paper) back from RCA and others to play Garth Brooks more per hour than other artists. RCA would do that to sell more CDs and get more tours for Garth. That is where they made their money.
Their statement was for independent artists, without a dedicated contract, that the profit was 30% per song.
Only an Apple Fanboy would not wonder how Apple showed more than 30% profit many years in a row to Wall Street, and believe that they only made that little per device... Course, at the risk of causing negative comments and statements, if Microsoft had not given Apple money in the 90's and offered Office on Macs, Apple would not be where it is today.... But as normal on Slashdot, Facts are optional.......
Carry on with the "Media" facts now....
Apple has not done so for the Music Labels. What they charge the Independent people who sell music, without a written contract, is what you *know* about.
When Apple increased cost to allow for DRM free music, they said they would not disclose what the agreement between them and BMG was to allow for that.
If you have said contract, please share it. You would find that your numbers are way off.
That said, they are basing their complaint on everyone who ever bought an iPod.. Which begs the question why it's not a class action suit....
So who knows.
Regardless of OS, poor testing of third-party apps / services or poor security as part of your deployment can cause you to be violated. I have seen many Linux servers still using Telnet or VNC for management, and allowing ROOT to log in directly to them....
Secure your environment regardless of what you run......