    How withdrawal of Windows XP support affects you

    Safeguard records and ensure HIPAA compliance

    Whether you practice in a small private practice, a commercial setting, or a large hospital-based institution, the withdrawal of support for Windows XP as of April 8, 2014 needs to be seriously addressed by you or your organization.

    What does withdrawal of support mean?

    There will be no more security updates or technical support for the Windows XP operating system. Security updates patch vulnerabilities that may be exploited by malware and help keep users and their data safer. Critical flaws could allow an attacker to take over or cripple a PC running XP. ePHI (electronic protected health information) and other confidential patient data will be far more vulnerable to hackers, viruses, and malware. While you can buy a customer support package through Microsoft, it is expensive and not even a short-term solution for the average practice.

    What does this mean for you?

    If you do nothing and are running software on XP machines:

    • HIPAA compliance. According to the American Optometric Association (AOA), “There is no requirement that Windows XP must be HIPAA compliant. However, it is the responsibility of the covered entity—the healthcare provider—to ensure all office processes are compliant. Optometrists need to be aware that continued use of Windows XP after April 8, 2014, could mean the OD is at risk for not meeting HIPAA compliancy.”1

    • Meaningful Use compliance. According to the Office of National Coordinator of Health Care information, “Core Objective & Measure 15: Protect electronic health information created or maintained by the certified EHR technology through the implementation of appropriate technical capabilities. Conduct or review a security risk analysis in accordance with the requirements under 45 CFR 164.308(a)(1) and implement security updates as necessary and correct identified security deficiencies as part of its risk management process.”2 So, by attesting to Meaningful Use, you are attesting that your patient data is secure. This is certainly not the case if you are still running XP with no intervention.

    • Medical billing systems. Since EHR compliance requires adherence to the HIPAA Security Rule, it is possible that medical billing systems will remove support for Windows XP, possibly disrupting the ability of a medical practice to submit claims from a Windows XP system.

    • Hardware security. Today, many instruments such as OCTs, digital cameras, and visual field testers are running on XP computers and platforms. If they are on your network, they are just as vulnerable to PHI security problems, as well as damage to the database and computers themselves.

    • Credit card security. An establishment that processes credit cards and runs XP is in violation of the Payment Card Industry (PCI) Data Security Standard (PCI-DSS v2.0) by failing to protect PCs from known vulnerabilities.


    Steve Silberberg, OD
    Dr. Steve Silberberg is the owner of a group practice in central New Jersey noted for its use of high-tech equipment. He has been in ...

