After April 8th Windows XP May No Longer Be HIPAA Compliant


Doctors' practices using Windows XP should be aware that Microsoft will no longer support Windows XP after April 8, 2014. After that date, updates, bug fixes, security patches and troubleshooting will not be available for systems running Windows XP, so any vulnerability discovered after that date will remain unpatched and exploitable on those systems.

These security risks could lead to data breaches that may require your practice to notify patients as well as government officials, and could expose your practice to liability for violating state data security and breach notification laws.

While the HIPAA Security Rule does not specifically mandate any minimum operating system requirements, practices using Windows XP should be aware that continuing to use an unsupported operating system, without proper maintenance in place to protect electronic protected health information (ePHI), increases their risk of security breaches.

The HIPAA Security Rule requires a security management process, meaning the development and implementation of policies and procedures to prevent, detect, and correct risks and vulnerabilities to ePHI. An unsupported operating system should be identified as a risk, and practices using Windows XP should conduct a risk assessment to determine the appropriate measures to reduce risks to ePHI, including upgrading to a current, supported operating system such as Windows 7 or 8. Also be sure to work with your vendors (including the vendors of your practice management and electronic health record software) to analyze your risk and determine appropriate actions.

Finally, ALL antivirus and security software, no matter what operating system it is running on, should be kept up to date.

CPMA's Compliance Center offers Members materials to help ensure their practices are HIPAA compliant.