Windows XP support to end, raising HIPAA concerns | California Optometric Association

If you are still using Windows XP (XP) as the operating system for your practice, you had better upgrade, and fast. As of April 8, 2014, Microsoft stopped providing support for the operating system. That support included the free security updates that protect your computer against malware. This has the U.S. Department of Health and Human Services (HHS) very concerned. In fact, if you still have sensitive electronic Protected Health Information (e-PHI) on computers using XP, you might not be compliant with HIPAA regulations.

There is a lot of information out there. Here are some quick facts from AOA that will help doctors of optometry sort through the confusion:

Is Windows XP not compliant with HIPAA mandates?

While there is no official requirement that XP be compliant with the security mandate, it is the duty of the health care provider to ensure all office processes are compliant. According to the HHS, the security rule does say that systems containing patient data must be protected against breaches. If you are still housing sensitive data on computers operating XP, you may well be taking a risk. 

Still running XP? What you need to know

If you are still running XP on your practice computers, David Jaco, OD, AOAExcel™ EHR consultant, says "practices running Windows XP must complete a risk assessment and evaluate the potential threat that a cyber-intruder could access or corrupt e-PHI."

"It’s up to that covered entity to analyze their particular situation and evaluate the risk to make decisions based on that risk," Dr. Jaco said.

While some computers running XP are at more risk than others, Dr. Jaco says doctors should still "ask diagnostic equipment vendors about upgrades to supported operating systems." These computers will work, but Windows warns that they should not be considered protected.

What to do next

Perform a risk analysis by evaluating your system for cyber-attacks that could corrupt e-PHI.

AOA and COA suggest considering an upgrade to a new Windows OS. 

Here are some tips from Microsoft on how to stay protected.

Also, check out this risk assessment tool recently released by HHS to help providers with HIPAA compliance.  
