> Trump falsely claimed that California will send mail-in ballots to "anyone living in the state, no matter who they are or how they got there." In fact, only registered voters will receive ballots.
This is not "wondering about how susceptible mail-in voting is to fraud," it's an outright lie.
The fact that there is a high barrier of entry might be one of the only appeals golf has at all? Playing it is a status symbol. Although, I think maybe that elite status symbols themselves may be on a downswing, maybe because of the growing awareness of wealth inequality?
Super rich people used to ride around in stretch limos and people found it interesting and exciting, now there's a growing perception that's disgusting and super rich people tend to visibly travel in much more inconspicuous vehicles (which are taking them to their private jets).
There are a few options if you want HIPAA compliance. Note that "HIPAA compliance" is somewhat of a loaded term in that there aren't many super-technical benchmarks to meet, but a general "do-good" attitude including (but not limited to) some of the following points:
- Physical server isolation: you cannot have other instances sniffing around in your deallocated garbage memory.
- Encrypted data stores: physical theft of the server should not provide access to your data.
- Server providers who can sign a Business Associate Agreement: many hospitals and firms with medical data require this in their stipulations.
- Audit trails for database modifications, access, etc. Basically, log everything, and this has to be encrypted too if it contains protected health information (PHI).
- All PHI over HTTPS if you have a webapp. NO PHI OVER EMAIL OR HTTP.
- "Soft" guidelines such as password complexity measures, auto session expiration, disallowed multi-sessions.
Again, this is not an exhaustive list. You really need to check with a lawyer who knows this stuff. The fines are enormous (read: business-ending) if you break the rules.
How do you work to implement these? Well, find a host who is willing to sign a BAA. Here are the two major contenders I'm aware of:
- Use Amazon AWS; they're willing to sign a BAA with you and provide you the physical server isolation you need. However, this doesn't come cheap. Expect >$2,000/mo in costs to keep this configuration. Also, you'd better be a network pro or willing to learn how to manage VPCs correctly to provide proper network-level isolation for the databases.
- Use aptible.com (they happen to be a YC company, and I don't know of anyone else doing this). Frank & Chas (the founders) are very responsive and aim to provide a comprehensive package, including backups, audit trails, and even employee training. The Docker-based and heroku-like interface is very appealing:
This option is still expensive. They host on AWS as well, so you're paying for the server costs + premium. However, this will still be a lot cheaper than hiring a competent sysadmin to make sure the execution is flawless.