Microsoft’s support for Windows XP ends on April 8, 2014, meaning that HIPAA compliance will be affected. Healthcare providers using Windows XP need to take appropriate measures to meet meaningful use requirements.
Almost thirteen years after it was first released, the days of Windows XP in the
healthcare industry are now numbered. As of April 8, 2014, Microsoft will stop
releasing security and enhancement patches for Windows XP, and support for
Windows Server 2003 will end in July of 2015. If you are using computers that run
Windows XP in your practice, you should know that you may be at risk of a HIPAA
violation if you don’t take remedial measures. Microsoft will no longer release
security patches or updates for Windows XP, making it non-compliant with
HIPAA/HITECH.
The Office of Civil Rights (OCR) has been very clear that unsupported systems are
NOT HIPAA compliant. HIPAA was designed to promote the confidentiality and
portability of patient records as well as to develop data security standards for
consistency in the health care industry. Under this act, organizations have to adhere
to HIPAA compliance standards related to protecting their systems, and patients can
feel confident that their personal medical information will remain private.
Using a non-supported operating system can dangerously expose your patient
database to hackers. Such systems pose a risk not only to the data they hold, but
also to the network they reside on. Many diagnostic tools, from imaging to dental to
ophthalmologic devices, have dedicated Windows XP computers that came with the
device and are supported by that vendor.
In June 2008, it was announced that Microsoft would withdraw paid assisted support,
security updates, and non-security hot fixes for Windows XP in April 2014. This
means that instability bugs and security vulnerabilities will go forever unpatched
starting from this date.
However, many healthcare providers are still using Windows XP. There are still a
number of software systems that only work on Windows XP. This could make it difficult
for organizations to move from Windows XP to a new O/S. The cost of refreshing
technology can be a major challenge for small organizations.
Survey Results on HIPAA Compliance after April 8
The findings of a recent survey by eFax Corporation are as follows:
o 54 percent of organizations surveyed cited HIPAA compliance as their top
concern, even more important than document management, organization and
record-keeping.
o 42 percent of respondents said online fax is the most effective technology
solution for helping with HIPAA compliance security.
o 44 percent of healthcare organizations surveyed said mobile fax (the ability to
fax from a smart phone or tablet) would be important or very important to
their organization in 2014.
Research firm Gartner has predicted that more than 15% of medium and large
enterprises will still have Windows XP running on at least 10% of their PCs after
Microsoft support ends in April 2014.
How to Stay HIPAA Compliant?
The Health Resources and Services Administration (HRSA) recommends the following
steps:
1. Identify the scope of the analysis
2. Collect data
3. Identify and document potential vulnerabilities and threats
4. Assess your current security measures
5. Determine the likelihood of threats
6. Determine the potential impact of threats
7. Determine the level of risk
8. Identify security measures and finalize documentation
9. Implement proper security measures
10. Evaluate and maintain those security measures
Upgrade to Windows 7 as soon as possible. Addressing XP and Server 2003 issues
will keep you HIPAA compliant as well as make your practice more functional and
secure.
About The Author
MTS Transcription Services (MTS) is a US-based medical transcription company,
committed to providing HIPAA compliant medical transcription services for healthcare
providers. We offer quality medical transcription outsourcing services to
hospitals, clinics and healthcare facilities of all major specialties including pediatrics,
pathology, orthopedics, cardiology and more.