The end of Windows XP requires changes to stay HIPAA compliant

Derek Kosiorek, CPEHR, CPHITMicrosoft stopped providing support for its popular operating system Windows XP this month. There are unique consequences for physicians who use XP at their practices, since continued use of this non-supported operating system is exposing the practice’s protected health information to risk. Take these steps to ensure that patient information is protected.

By halting support of Windows XP, Microsoft will stop ensuring that the product is secure from new forms of hacking and malicious software. For physicians, this means increased risk to protected patient information. Any breaches would mean a violation of the Health Insurance Portability and Accountability Act (HIPAA).

The most important consideration that practices will face is to ensure the integrity and security of the patient data. Any system you run will come with risks, and the older the software, the greater the risks. If you continue to use Windows XP, make sure anti-virus software is up to date and you have a firewall protecting your network. Keeping them updated will go a long way toward keeping you safe while you look at the next generation of your technology tools.

Hastily diving into the deep end of the upgrade pool may not be your best course of action. You have time, and you have anti-virus software.

Before you make any changes, you’ll want to make sure your software runs on operating systems after XP. Most software vendors have upgraded their products to work on systems much later than XP, but there may still be few out there that have not. Check all of your software for compatibility issues, including those that were custom-built for you. Those programs will need to be upgraded first to ensure that you don’t lose functionality. If the vendor hasn’t offered upgrades by now, chances are they never will, and you need to evaluate your continued use of the software.

After ensuring all software runs on later platforms, most practices choose one of three options. The first is to replace the entire computer. Doing this will allow you to gain significant speed and efficiency, but the cost can be hard to swallow. One best practice is to replace one quarter of your computers every year. This ensures that none of your computers are more than four years old, and it builds the same cost into your budget each year.

Second, you can keep the computer, but upgrade the operating system. Microsoft is focused on its latest operating system, Windows 8, but many prefer the stability and ease of training that comes with Windows 7. If you go this route, you can buy licenses for multiple Microsoft operating systems, including Windows 7 professional, and simply install them on the computer. However, this will not increase speed if the computer is old.

The third option is to turn the computer into a terminal that can run software off of a server. Using this “virtual desktop connection” takes away your reliance on the computer, because the software is running directly off of the server. The most common tools for this are Citrix and Windows Virtual Desktop. Going this route will require IT support to  setup and configure the server and workstations.

Derek Kosiorek, CPEHR, CPHIT, is a principal consultant for MGMA Health Care Consulting Group. Send your technology questions to [email protected]. 

Related article

Encrypting your patients’ health information

Ways physicians can stay HIPAA compliant when using mobile

Taking steps to get ready for a HIPAA audit

Patient data security risks climb with ACA rollout