Was it last year or 2013 that everyone was trying to upgrade XP to Windows 7 due to fear of not meeting HIPAA standards?
Since that time it seems to be commonly accepted that if you have a CR or DR (or for that matter any imaging equipment storing protected health information (“PHI”)), that equipment should be upgraded to a currently supported operating system. Since XP is no longer supported by Microsoft, systems using XP ought to be upgraded.
Many manufacturers and distributors, not to mention end-users, were caught flat-footed by this one. This phenomenon appeared to be a greater issue than the “date bug” of 2000. Manufacturers offered solutions that started out as very expensive, dropped to just “horrible” and have since gone back to very expensive.
When asked by end-users about using systems with XP operating systems, what do you tell them?
Generally, distributors say something like, “Since Microsoft is no longer providing security updates or bug fixes for XP, there is some reason to be concerned that a HIPAA audit of a provider using an XP system will find the provider to be not in compliance.” Of course, one needs to examine a provider’s individual HIPAA plan and also be aware of what systems are or are not connected to a network and/or the Internet, but the general rule of thumb is that PHI should not be stored on a system using XP.
When discussing this with a good friend, Robert Ward, he said that he believes this advice may be faulty. He pointed me to an article by Derek Brost: http://1technation.com/biomed-101-dont-read-windows-xp/. While I don’t believe this article directly provides us with the answer as to whether XP is HIPAA-compliant or not, it is an interesting read.
In case you are wondering, here are the scheduled dates for end of support on current Microsoft operating systems:
Operating system   Latest update or service pack   End of mainstream support   End of extended support
Windows Vista      Service Pack 2                  April 10, 2012              April 11, 2017
Windows 7          Service Pack 1                  January 13, 2015            January 14, 2020
Windows 8          Windows 8.1                     January 9, 2018             January 10, 2023
Windows 10         N/A                             October 13, 2020            October 14, 2025
I’m interested in learning what you all are telling your customers.
I’d like your comments and will publish them with first names only, if that meets with your approval.
For distributors like us, there have been some major challenges. The number 1 reason is that we encounter customers with plenty of misguidance by vendors who specialize in selling “used equipment.” Used equipment vendors tell customers that upgrading to Windows 7 or any other supported OS for compliance is totally untrue, that as long as the computer works, there is no need to spend money on upgrades or new equipment. Of course, this is purposely done in order to grab the sale and unload a piece of equipment that came off a hospital auction. Customers do not realize they could be buying someone else’s headache and paying big money for it at the immediate acquisition, interim and down the road. We are not implying “new” should be the only way to go, but vendors should be able or “enforced” for that matter to resell equipment only if it has been upgraded or reconditioned to meet these guidelines. It is irresponsible and unethical if, as a vendor, you do not make your customer aware of the HIPAA Compliances in effect and Meaningful Use.