Slashdot Mirror


Is Win2k + SP3 HIPAA Compliant?

Chris asks: "Our company deals with medical records in a peripheral sort of way (as they pertain to student loans), and due to new laws we are required to be HIPAA compliant by April. After reading the discussion on here about the new EULA for Win2k SP3, I had a disturbing thought. As far as I can tell, if you use Windows 2000 then you're going to be out of compliance whatever you do. If you install the patch, then theoretically Microsoft could access those medical records (possibly by accident) without 'due cause or need' in the process of updating your machine. If you don't patch your system then you'll fail the security requirements of the law." If Win2k with SP3 is not HIPAA compliant (and I stress the if because no one has made a statement either way, yet) what can non-compliant Medical IT departments do?

3 of 401 comments

  1. Parent is not redundant. by GigsVT · Score: 0, Troll

    I don't see anyone else posting this... It's true. If you want to run an OS from a rape-you-in-the-ass company that has no respect for its customers, you better not do it with my goddamn medical data. MS products are not fit for important uses. Running personal web pages from MS products is probably OK, but for any actual business use you need a real OS.

    --
    I've had enough abrasive sigs. Kittens are cute and fuzzy.
  2. Comment removed by account_deleted · Score: 2, Troll

    Comment removed based on user account deletion

  3. This is silly by geekee · Score: 0, Troll

    By your argument, you couldn't connect your computer to the internet at all. Any program could inadvertently look at data and send it anywhere. Unless you have hard evidence that MS is sending your data to Redmond, I don't think you have any real compliance issue. Doesn't anyone have anything more interesting to post than MS paranoia comments? Just take your meds, people, and get on with life.

    --
    Vote for Pedro