The root post by Chris appears in my browser with a list of links provided by Slashdot. It includes one, "HIPAA" http://ask.slashdot.org/askslashdot/02/08/27/2030205.shtml?tid=109
which seems to have everything you could want, from the rules themselves (if you want a headache) to various attempts to explain them to non-bureaucrats.
If you expect support where the software vendor has any access to your system, a software (or hardware) provider such as Microsoft is one of your many Business Associates under the Privacy part of HIPAA. When dealing with real people and 2-sided contracts with Business Associates, you comply with HIPAA by having in your contract an agreement that the Business Associate will be bound by the privacy rules of HIPAA not to abuse or disclose any patient data, which now have a 1-year extension to April 2004. It is not automatically bound by anything in HIPAA; you are required to bind it in your contract. Also, such a provision probably would not override an EULA, especially a subsequently accepted one, unless (a) it says it overrides any contrary provision of any EULA and (b) there is an actual contract, signed by an agent of Microsoft. The $64,000,000 question is: how do you get Microsoft (or any other shrink-wrap or download software vendor) to sign an EULA with you, assuming you are a small practice or hospital and not a mega-health-care provider?