Is Win2k + SP3 HIPAA Compliant?
Chris asks: "Our company deals with medical records in a peripheral sort of way (as they pertain to student loans), and due to new laws we are required to be HIPAA compliant by April. After reading the discussion on here about the new EULA for Win2k SP3, I had a disturbing thought. As far as I can tell, if you use Windows 2000 then you're going to be out of compliance whatever you do. If you install the patch, then theoretically Microsoft could access those medical records (possibly by accident) without 'due cause or need' in the process of updating your machine. If you don't patch your system then you'll fail the security requirements of the law." If Win2k with SP3 is not HIPAA compliant (and I stress the if because no one has made a statement either way, yet) what can non-compliant Medical IT departments do?
Normally I would agree wholeheartedly with this statement. However, I have already seen a comment from a person who is going through the same thing and had a bang-up answer that made sense. I have seen a lot of crap, but I don't think that the author is intending on using Slashdot in court ("Your honor, but L0053c4nn0n on Slashdot said it was right!") but is simply not wanting to duplicate steps that others have already taken.
Random Musings
Dissent from within the Slashdot ranks will NOT be tolerated! No post for you!