HIPAA Compliance Alert! Windows XP Operating System Ended Support April 8th, 2014 Risking Patient Confidentiality

Your Operating System May Not Support HIPAA Compliance as of 4/8/14.

On April 8, 2014, Microsoft® ended support for Windows XP. This means that if you use Windows XP you will no longer receive updates to fix security-related and other problems with this version of Windows. 

Why it Matters to Physicians: Potential Liability

A computer operating system with weak security (i.e., from no longer having security updates) threatens the confidentiality of your patient information. Information breaches are costly to your practice and can erode your patients’ trust in you.

Action Steps

1. Make sure your compliance officer is aware that as of April 8, 2014, Microsoft® no longer provides security patches to Windows XP.

2. Refer to Microsoft®’s website for information about the discontinuation of XP support, what steps to take to change to a different operating system, and the risks of staying with XP: http://www.microsoft.com/en-us/windows/enterprise/end-of-support.aspx

3. Do a risk analysis to ensure compliance with the HIPAA Security Rule. Work with your compliance officer and IT department to carry out this process.

According to the U.S. Department of Health & Human Services, Office for Civil Rights:

Any known security vulnerabilities of an operating system should be considered in the covered entity’s risk analysis (e.g., does an operating system include known vulnerabilities for which a security patch is unavailable, e.g., because the operating system is no longer supported by its manufacturer). 

See: http://www.hhs.gov/ocr/privacy/hipaa/faq/securityrule/2014.html