Windows XP and HIPAA Compliance: What you need to know
As of April 8, 2014, Microsoft will be officially ending support of Windows XP. As the lifecycle for the popular OS comes to an end, it is important to understand what will be changing, and how this will effect your operations. For New Jersey medical practices who use EMR software specifically, it means that you need to know the effect an outdated operating system will have on your HIPAA compliance status.
What exactly happens when an OS or other software product reaches the end of a life-cycle?
Essentially, the product becomes ‘disowned’ by the company. In the case of XP, Microsoft will no longer provide security updates, non-security related hotfixes, free or paid support, or online technical content updates. Though ‘non-compliant’ may be too heavy a term to describe the effects of staying with XP, the continued use of XP machines can pose a real threat to system security. Once support is fully discontinued, machines will become increasingly vulnerable to attack and security breach due to the unavailability of security updates or patches.
Machines that go unpatched are highly susceptible to being compromised, and when attacked, can serve as a conduit to install malicious software, or ‘malware’ on a device or network. Once a particular device or network has been compromised, there are any number of possibilities as to what type of program, or virus can be installed, and to what information or data can be compromised, or even lost. Another major concern of using a non-supported OS is that third-party vendors and software manufacturers may also stop offering applications and updates for instances of their software running on an antiquated OS.
What you can do.
The best course of action to take if you are running Windows XP at this point, is to completely update your OS to Windows 7 or 8. More often than not, this will also require updating hardware as well, as many older systems are not up to spec to support the newer operating systems. A viable alternative when hardware upgrades are not an option, is to deploy Windows XP in a virtual environment, but this is only recommended if the EMR software vendor supports virtualization.
Categorised in: Electronic Medical Records (EMR)