From one who works with these issues (Score 2, Insightful)

Folks,I work for a company who creates practice managment systems. I sent this link out and here is a snippit I got. Seems as if this guy has a valid concern, but he would need to keep in mind that software CANNOT be HIPAA-compliant. Since the security regulations have not been passed, then the user implementing this software would not be penalized if records were wrongly accessed. Not until the government hands down specific guidelines to protect user's technology can anyone really act. Not that I know much about how to implement security in a technology environment (or about win2k or SP3 for that matter), IT departments should make best efforts and be conservative in securing their hardware and software.