It is no longer news that Microsoft will be ending support for Windows XP on April 8th, 2014. If this is news to you, you can read up on it in my previous blog post or at Microsoft.
As noted in my blog post, you are potentially exposing yourself to security and compliance risks if you are still running Windows XP after April 8th. Healthcare providers need to be aware of the potential HIPAA/HITECH violations that could result from this.
HIPAA VIOLATIONS?
HIPAA has not explicitly stated that Windows XP systems will not be compliant after April 8th. However, after April 8th Microsoft will no longer provide security patches and other updates to the Windows XP operating system. Any Windows XP systems on your network will be in violation of HIPAA Security Rule Section 164.308(5)(ii)(B):
“Protection from malicious software (Addressable). Procedures for guarding against, detecting, and reporting malicious software.”
It is still possible to use a Windows XP system in your practice after April 8th and be HIPAA compliant, but I do not recommend this. The Windows XP systems should be standalone systems that are not connected to any network. You also have to make sure patients' PHI (Protected Health Information) is not stored on the system. This is only recommended if you have old software that will not run on newer operating systems.
HIPAA violations are not the only thing to worry about with the Windows XP end of support. You also need to think about potential hackers and viruses that will exploit vulnerabilities in the operating system once support ends. Windows XP has been around for more than 12 years; that's more than enough time to find all the vulnerabilities in it.
To Do List:
- Start by performing an IT audit of your organization to find out how many Windows XP systems you have.
- Perform a software audit on these systems and find out if they are compatible with a newer operating system (Windows 7/8/8.1).
- Decide on which operating system (Windows 7/8/8.1 or Linux) to upgrade to. Windows 7 has the look and feel of Windows XP and most software/programs are compatible with it.
Contact us to assist in migrating your systems.