Windows XP Use May Trigger HIPAA Non-compliance
Contributed by The Doctors Company. For more patient safety articles and practice tips, visit www.thedoctors.com/patientsafety.
Now that Microsoft has stopped supporting the Windows XP operating system, physician practices using Windows XP face threats from viruses, Trojans, and other potential security breaches. All PC workstations and laptops using Windows XP that contain Protected Health Information (PHI) are no longer compliant with HIPAA and the HITECH Act. This includes devices used to access PHI via the Internet. HIPAA Security Rule section 164.308(a)(5)(ii)(B) states that practices must implement “procedures for guarding against, detecting, and reporting malicious software.” This is no longer possible with Windows XP.
If your practice system currently runs on Windows XP, follow these tips immediately to bring your practice into HIPAA compliance:
- Identify all at-risk workstations and laptops.
- Analyze the hardware in all at-risk computers to determine if they are capable of running a new operating system, such as Windows 7 or 8.
- Upgrade all at-risk computers identified as capable of running a new operating system.
- For computers that cannot be upgraded, either replace the hardware or purchase new computers.
- Create a transition plan for upgrading or replacing computers.
Internet Explorer 8 is also no longer supported — if your practice is running Windows XP and using Internet Explorer 8, you may be exposed to additional threats.