Med IT Systems Healthcare Revolution



Windows XP and HIPAA

Recently, Microsoft announced that they will discontinue support for their "old" operating system Windows XP, beginning April 8th, 2014. Read the following timely summary from Mark Lozen of Structured Technologies to understand how this can affect your practice if you are impacted by this event. Swartz Creek-based Structured Technologies is a Solutions Partner of Med IT Systems in our mission to provide best-in-class IT solutions to our clients.

"Many of you may not be aware, (that) support for Windows XP is coming to a close. Microsoft announced they will no longer provide mainstream support or updates for the Windows XP operating system after April 8th, 2014. This process is generally called "End of Life" or EOL. For those of you using XP on your desktop or laptop, this doesn’t mean it will stop working on that date and you’ll have to upgrade your OS or computer. How it applies to you, and your use of Electronic Medical Records software, is another story.

Part of each of those annoying “Windows Updates” that make you restart your computer, or force you to wait periodically before you can turn off your computer every month or so, involves security. As vulnerabilities to the operating system are found where a hacker or identity thief might exploit them to gain entry into your system, Microsoft makes changes via these updates to keep your data as safe as possible.

When End of Life occurs for XP, Microsoft will no longer be providing these regular security updates. As a result, your computer may become vulnerable to security breaches and you’ll have no easy means to automatically prevent it.

There are three aspects of the HIPAA guidelines that will apply in this situation: Administrative Safeguards (Protection from Malicious Software [Implementation Specification 164.308(a)(5)(ii)(B)]), Physical Safeguards [The Workstation Security Standard 164.310(c)], and Technical Safeguards [The Integrity Standard 164.312(c)(1)].

If your OS is no longer being supported with security updates, how sure are you that the operating system has not been compromised? How do you know if new vulnerabilities will allow unauthorized users access to your ePHI? The answer is that you won’t know how safe your system is any longer and you’re probably, at that point, knowingly operating against best practices as recommended and required by the HIPAA guidelines.

On the April 8th, 2014 EOL of Windows XP, your current Windows XP computer will continue to function as it did prior to this date. However, to meet HIPAA requirements, you will need to begin updating your systems to an actively supported operating system.

Start planning now on how best to upgrade the devices in your practice or business from Windows XP to Windows 7 or Windows 8. Whether it’s a few devices each month or all at once, you have the time to get it done before it potentially becomes a problem."

About the author: Adil Mohammed is the co-founder of Med-IT Systems, and blogs on the topic of IT in healthcare, and other issues like privacy/security, coordination of care, and new payment models affecting healthcare professionals. You can check out his Google+ profile at Google