I disagree that it's off topic. Patrick's email/article gave an example of how easy and valuable it can be to automate something within a doctor's office, then added this:

"Many things are easy for software companies in a way that they just aren't for non-software companies... doctor's offices don't think of APIs for the same reason that developers think that free soda is a wonderful thing to treat your employees to."

I read that as encouraging developers to look at doctor offices as a valuable market without warning them about the importance of HIPAA/HITECH compliance. And I believe that can get folks into trouble if they aren't careful.

Perhaps I should have simply phrased it that way instead. Thanks for the feedback. I deleted my prior message and I'll email Patrick with my concern.

Your clients will tell you about their concerns. Whether it's HIPAA, PCI, PABP, SOX, ITAR, etc., they tend to be overly expressive and understanding. They're also very similar and once you've nailed it a few times, whether it's "securing privileged information," "transparency," "traceability," etc., a quick browse of the Wikipedia article can warn you of any specifics that are outside your experience.