Slashdot Mirror


Is Win2k + SP3 HIPAA Compliant?

Chris asks: "Our company deals with medical records in a peripheral sort of way (as they pertain to student loans), and due to new laws we are required to be HIPAA compliant by April. After reading the discussion on here about the new EULA for Win2k SP3, I had a disturbing thought. As far as I can tell, if you use Windows 2000 then you're going to be out of compliance whatever you do. If you install the patch, then theoretically Microsoft could access those medical records (possibly by accident) without 'due cause or need' in the process of updating your machine. If you don't patch your system then you'll fail the security requirements of the law." If Win2k with SP3 is not HIPAA compliant (and I stress the if because no one has made a statement either way, yet) what can non-compliant Medical IT departments do?

1 of 401 comments

  1. MS + "anything" = Slashdot news by garoush · Score: 0, Offtopic

    Questions like those can't be answered by /. readers -- you need a lawyer and someone who understands both the HIPAA and Windows domain to help you out.

    Asking such questions on /. will give you nothing but opinions on HIPAA and Windows and how /. views Windows and MS as evil.

    Slashdot is becoming "news for making news" (and it can easily be done by throwing MS in the mix) not "news for nerds ...".

    Gone are the days when /. was news for nerds.

    --

    Karma stuck at 50? Add 2-5 inches.. err.. 2-5x Karmas Count to your pen1es.. err.. Karma all naturally and private