Can Using Windows XP Put Your HIPAA Compliance In Jeopardy?

By any measure, Windows XP was one of the most popular operating systems ever released by Microsoft. It is still being used today on computers and laptops nearly 13 years after its introduction. Microsoft ended support for Windows XP on April 8, 2014, which means that many computers in the healthcare industry that rely on this operating system are now technically out of compliance with HIPAA regulations. Without the regular updates that Microsoft supplied while the software was under official support, the operating system is left exposed to security flaws and other errors that will no longer be fixed.

Understanding what options you have for upgrading this aging software is the first step in bringing your system back into compliance. The upgrade process involves a complete inventory of the software programs you use on these computers to ensure they are compatible with the current Windows 7 or Windows 8 requirements. Some programs will work fine as they are, while others may need to be updated as part of the operating system upgrade.

This holds true for the hardware as well, since these newer operating systems have fairly robust requirements for processor speed, system memory and disk drive capacity. Before upgrading your existing computers, you’ll need to check the minimum system specifications required by these updated operating systems to ensure your equipment meets them. There are tools on the Microsoft site that you can use to verify that your existing machines can handle the workload these new operating systems will place on your gear. If your machine is older or requires extensive upgrades to pass the minimum threshold, you might consider replacing it with a newer, more powerful computer to speed the process. This might be an issue for some companies, as this capital expense may not have been accounted for in their 2014 budget.

This issue will come to the forefront this year, as the Office for Civil Rights (OCR) has routinely stated that unsupported computer systems are not considered HIPAA compliant. This position has been further amplified by numerous audits throughout 2013, which have set a precedent for citing these older Windows XP systems that are still in use today. At most larger companies, the HIPAA compliance officer would have noted this lapse in support during routine reviews in 2013 and accounted for the expense and amount of work required for any upgrades. Smaller companies are at greater risk of falling behind on this critical HIPAA requirement and must do all they can to upgrade these aging computers quickly to stay within the requirements of the regulations.
