If You’re Running Windows XP You Won’t Be HIPAA Compliant!

Update to a newer Windows operating system before it’s too late!

Microsoft has continuously warned us about the end of support for Windows XP on April 8^th, 2014. Microsoft will no longer release security patches or updates for Windows XP making it non-compliant with HIPAA/HITECH. Unsupported systems are insecure and protected health information (PHI) shouldn’t reside on machines running XP. Plus, if you aren’t HIPAA compliant your at risk of not meeting meaningful use security requirements. The Office of Civil Rights (OCR) has repeatedly stated that unsupported systems aren’t HIPAA compliant. So why would you want to continue to use Windows XP?

QUESTION:  If you’re using Windows XP when Microsoft support ends, how can you ensure HIPAA compliance?

ANSWER: You can’t.

Migrating Away From Windows XP Can Take Time and Money

Unfortunately, migrating away from Windows XP isn’t always simple. For small businesses, new technology can be expensive.

• What about your software and legacy applications? Will they work properly on another operating system? Some software only works on Windows XP and needs to be replaced, which can make it costly and time consuming for some to switch operating systems.
• In addition, updating to another operating system can be expensive. Has your HIPAA compliance officer already warned you about the cost? (If you don’t have a HIPAA compliance officer, look into HIPAA compliance training courses online.)

Other Steps To Take

A risk analysis and risk management is required at least once prior to the beginning of the electronic health record (EHR) reporting period. There a variety of ways to perform one. The Health Resources and Services Administration’s (HRSA) recommends the following steps be taken:

1. Identify the scope of the analysis
2. Collect data
3. Identify and document potential vulnerabilities and threats
4. Assess your current security measures
5. Determine the likelihood of threats
6. Determine the potential impact of threats
7. Determine the level of risk
8. Identify security measures and finalize documentation
9. Implement proper security measures
10. Evaluate and maintain those security measures 

The Time To Upgrade Is Now!

As you can see, migrating from Windows XP to an updated operating system isn’t always easy and can take time. You must prepare your healthcare organization now for the end of support for Windows XP or you may miss the deadline on April 8^th, 2014.

Looking to migrate away from Windows XP? CITOC will help you select and implement the best operating system for your healthcare organization to ensure HIPAA compliance.  Call (713) 490-.5000 or email us at info@citoc.com.

To learn more, give us a call at (713) 490-.5000 or send us an email at info@citoc.com.