HIPAA compliance and Windows XP

Have you heard the rumors that running Windows XP in your office is compromising HIPAA compliance?

The truth is that it isn’t yet, but it will be soon. Microsoft has announced that on April 8, 2014 it will stop supporting the Windows XP operating system. Primarily what this means is that they will no longer provide patches or security updates in response to a new virus or malicious attack threat. Thus it will be impossible for you to claim that you are adequately ensuring the protection of your practice.

If your clinic or office has computers that are still running Win XP, you should be making a plan to upgrade them to a more recent operating system.

In talking to folks about this so far, I’ve heard two main reactions. The first is, “But we do all charting and billing using cloud based services, what should it matter?”

In theory, that does offer more protection. However, in practice, few people are constantly vigilant at ensuring that NO patient data is ever stored locally on the system.

The second common reaction is, “But I CAN’T STAND any Windows operating systems other than Windows XP!”. There is an easy solution to that as well. For both Windows 7 and Windows 8 there are built-in themes and/or third party emulators that can make your upgraded operating system continue to look and function just like XP.

The bottom line is that Windows XP is now considered a very outdated system. In addition to concerns about HIPAA compliance, other software vendors will soon be ceasing to ensure that their products work smoothly with it as well. Now is an excellent time to assess your clinic resources and make a plan to upgrade outdated technology. If you have additional questions or concerns, I am more than happy to help!

Leave a comment

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>