Using Windows XP? You won’t be HIPAA Compliant starting April 8, 2014
Almost thirteen years after it was first released, the days of Windows XP in the healthcare industry are numbered. As of April 8, 2014, Microsoft will stop releasing security and enhancement patches for Windows XP, and support for Windows Server 2003 will end in July 2015. If your practice uses computers that run Windows XP, you should know that you may be at risk of a HIPAA violation if you don't take remedial measures. Because Microsoft will no longer release security patches or updates for Windows XP, the operating system becomes non-compliant with HIPAA/HITECH. The Office for Civil Rights (OCR) has been very clear that unsupported systems are NOT HIPAA compliant.

HIPAA was designed to promote the confidentiality and portability of patient records and to establish data security standards for consistency across the healthcare industry. Under the act, organizations must adhere to HIPAA compliance standards for protecting their systems, so that patients can be confident that their personal medical information will remain private.

Using an unsupported operating system can dangerously expose your patient database to hackers. Such systems pose a risk not only to the data they hold but also to the network they reside on. Many diagnostic tools, from imaging to dental to ophthalmologic devices, come with dedicated Windows XP computers that were supplied with the device and are supported by that vendor.

In June 2008, Microsoft announced that it would withdraw paid assisted support, security updates, and non-security hotfixes for Windows XP in April 2014. This means that stability bugs and security vulnerabilities will go unpatched forever from that date. Nevertheless, many healthcare providers are still using Windows XP. A number of software systems only work on Windows XP, which makes moving to a new operating system difficult for those organizations, and the cost of refreshing technology can be a major challenge for small organizations.
Survey Results on HIPAA Compliance after April 8
The findings of a recent survey by eFax Corporation are as follows:
o 54 percent of organizations surveyed cited HIPAA compliance as their top concern, even more important than document management, organization and record-keeping.
o 42 percent of respondents said online fax is the most effective technology solution for helping with HIPAA compliance security.
o 44 percent of healthcare organizations surveyed said mobile fax (the ability to fax from a smartphone or tablet) would be important or very important to their organization in 2014.
Research firm Gartner has predicted that more than 15% of medium and large enterprises will still have Windows XP running on at least 10% of their PCs after Microsoft support ends in April 2014.

How to Stay HIPAA Compliant?
The Health Resources and Services Administration (HRSA) recommends the following steps:
1. Identify the scope of the analysis
2. Collect data
3. Identify and document potential vulnerabilities and threats
4. Assess your current security measures
5. Determine the likelihood of threats
6. Determine the potential impact of threats
7. Determine the level of risk
8. Identify security measures and finalize documentation
9. Implement proper security measures
10. Evaluate and maintain those security measures

Upgrade to Windows 7 as soon as possible. Addressing XP and Server 2003 issues will keep you HIPAA compliant as well as make your practice more functional and secure.

About The Author
MTS Transcription Services (MTS) is a US-based medical transcription company committed to providing HIPAA compliant medical transcription services for healthcare providers. We offer quality medical transcription outsourcing services to hospitals, clinics and healthcare facilities of all major specialties, including pediatrics, pathology, orthopedics, cardiology and more.