You bought this fancy new toy and you just want it to work with the free software it comes with. What if you realize too late that the software is not secure enough to make you HIPAA compliant?
Far too often, practices are installing programs to help them get through a day without regard for what risks those programs may pose to them. Vendors that create devices and programs for healthcare should be compliant and low risk; however, you have to remember that these are for-profit businesses.
Making money and externalizing costs are higher priorities than securing the products they sell to you. In their defense, some of these things are difficult to just make work, let alone make work securely.
Since this is the world we now live in, it is more important than ever for you to properly vet ALL vendors prior to signing contracts and installing their products. Even vendors that claim to be HIPAA compliant are often not-so-compliant when you scratch the surface. (see blog post, BAA’s)
If you’re unsure, ask ACS. I love reviewing BAAs for red flags and asking vendors uncomfortable questions. 🙂