> So, the chance of them going "out of business" is pretty slim. It's entirely possible that dentists unfortunate enough to have chosen Eaglesoft will get to pay some HIPAA fines, however.
Will they? Since Eaglesoft claimed to provide encryption, and the practices relied on that claim, it seems unlikely that the practices are at fault; if they are subject to civil liability at all for inadvertent violations -- or even if they just have costs to cure the violations without money liability, which seems more likely given the history of HIPAA enforcement -- they would seem to have a claim for at least the total resulting costs in damages against Patterson.
As far as criminal violations of HIPAA goes, it doesn't seem particularly likely that any occurred, and if any did its pretty clear that the practices are (barring any evidence of knowledge that hasn't come to light) unlikely to have had the requisite knowledge or intent to be culpable, though the violations may have been willfully caused by Patterson's actions, which -- even though Patterson might not usually be directly covered by HIPAA as regards what appears to be on-premise software they sell -- might make Patterson a (and possibly the only) chargeable principal in any crime. 18 USC Sec. 2(b): "Whoever willfully causes an act to be done which if directly performed by him or another would be an offense against the United States, is punishable as a principal."
