Reforming isn't an issue. Reforming isn't scrapping and starting over. But I think there is a bigger issue. This won't be an issue with just the SAS. This will be an issue throughout many parts of the armed forces and government. In my experience, this is a human thing and is found everywhere. As far as if the Chinese come for AUS, the SAS will absolutely play a huge role. They will be the ones infiltrating Chinese locations for sabotage, target acquisition, etc. If the Chinese were to make a land invasion, unlikely, the SAS would be the ones performing the guerilla war to slow and delay them. ASAS Squadron 4 has been heavily involved in overseas intelligence gathering, similar to the US ISA. That is an enormous capability that can't be easily re-created. As far as the SAS, AUS punches way above its weight.

Disbanding the SAS would be a catastrophic mistake. That would leave Australia without a true special operations capability. What do you do after that? Create an entirely new unit from scratch, a new training program, new facilities? That would take years to complete. The only group that benefits from that is China. A potential enemy without its premier special operations unit. For me, that makes no sense. Hold those that did these acts accountably. If necessary, hold their leadership accountable. But to disband an entire unit?

Maybe you and I are working under different HIPAA regulations. Promising isn't enough. The Covered Entity can't transfer risk and liability to a third party in any way as far as HIPAA is concerned. When you allow a third party, a Business Associate, to access your data, you are still responsible for whatever they do with it. Yes, a Business Associate can be held liable, but that liability still moves upstream to the CE. That is why CEs are required to do their own due diligence on all BAs. We have a questionnaire that we give to providers to give to their BAs. When was your last Risk Assessment? Can we see it? What is your disaster and recovery plan? Can we see it? WIll any of this data or work be performed offshore? Patients can waive their rights to have their information shared with third parties or used for research. They cannot waive their rights to the protection of their data. just because a patient signs a waiver that says I won't sue you or do anything if you misuse my data doesn't mean it is valid. HIPAA regulations still protect you when the data is created by a CE or used by a BA. A common misunderstanding is who is covered by HIPAA. There are lots of places that have or create medical data that are not covered at all. Drug testing centers, those who only accept cash for payment (no CMS billing), and the patients themselves. I hear from patients all the time who say that someone posted about my medical condition on Facebook and that violates HIPAA. If that person wasn't employed at a CE or BA, then no, it wasn't.