Windows XP support to end, raising HIPAA concerns
If you are still using Windows XP (XP) as the operating system for your practice, you had better upgrade, and do it fast. As of April 8, 2014, Microsoft stopped providing support for the operating system. This includes the free security updates that protect your computer against malware. The end of support has the U.S. Department of Health and Human Services (HHS) very concerned. In fact, if you still have sensitive electronic Protected Health Information (e-PHI) on computers using XP, you might not be compliant with HIPAA regulations.
There is a lot of information out there. Here are some quick facts from AOA that will help doctors of optometry sort through the confusion:
Is Windows XP not compliant with HIPAA mandates?
While there is no official requirement that XP be compliant with the security mandate, it is the duty of the health care provider to ensure all office processes are compliant. According to the HHS, the security rule does say that systems containing patient data must be protected against breaches. If you are still housing sensitive data on computers running XP, you may well be taking a risk.
Still running XP? What you need to know
If you are still running XP on your practice computers, David Jaco, OD, AOAExcel™ EHR consultant, says "practices running Windows XP must complete a risk assessment and evaluate the potential threat that a cyber-intruder could access or corrupt e-PHI."
"It’s up to that covered entity to analyze their particular situation and evaluate the risk to make decisions based on that risk," Dr. Jaco said.
While some computers running XP are at more risk than others, Dr. Jaco says doctors should still "ask diagnostic equipment vendors about upgrades to supported operating systems." These computers will work, but Windows warns that they should not be considered protected.
What to do next
Perform a risk analysis by evaluating your system's exposure to cyber-attacks that could corrupt e-PHI.
AOA and COA suggest considering an upgrade to a new Windows OS.
Here are some tips from Microsoft on how to stay protected.
Also, check out this risk assessment tool recently released by HHS to help providers with HIPAA compliance.