Slashdot has a discussion up on the conundrum of software updating and HIPAA compliance: “…After reading the discussion on here about the new EULA for Win2k SP3, I had a disturbing thought. As far as I can tell, if you use Windows 2000 then you’re going to be out of compliance whatever you do. If you install the patch, then theoretically Microsoft could access those medical records (possibly by accident) without ‘due cause or need’ in the process of updating your machine. If you don’t patch your system then you’ll fail the security requirements of the law…”