Question: One of our IT managers said the hospital won’t be able to use Windows XP computers any longer because of security risks. What’s he talking about?
Arizona Subscriber
Answer: You may have heard that Microsoft announced that it will stop supporting Windows XP on April 8, 2014, but it’s possible that the news didn’t particularly resonate with you since your XP system is running quite well. However, the news could have significant reverberations from a HIPAA standpoint.
As you’re probably aware, your computer system (whether it’s XP, Vista, or another operating system) periodically updates its security protocols to ensure that hackers cannot access your private files. But if Microsoft stops issuing security updates for XP, that means your system is vulnerable to breaches, which are the nemesis of HIPAA.
According to the Health Insurance Reform Security Standards Final Rule, you “are required to maintain reasonable and appropriate administrative, physical, and technical safeguards to ensure the integrity and confidentiality of the information and to protect against any reasonably anticipated threats or hazards to the security or integrity of the information and unauthorized use or disclosure of the information.”
To be able to prove that you have taken such safeguards, you need to demonstrate that you protected all of the information in your computer system, which could be difficult when you’re using an unsupported operating system.
Takeaway: If your protected health information is on a Windows XP system, your facility should start changing it over now so you’re compliant by April 8.