With the deadline for the end of support and updates for Windows XP approaching, here are five important steps for your practice to avoid HIPAA and HITECH Act violations.
On Apr. 8, 2014, support and updates for Windows XP will no longer be available from or provided by Microsoft. While your practice will still be able to use computers with Windows XP as their operating system, doing so would be a mistake. Without Microsoft's support, these workstations are more vulnerable to security risks and, if they are used for anything involving protected health information, effectively become non-compliant with HIPAA and the HITECH Act.
With April 8 right around the corner, here are the steps your practice should take to address this serious security concern.
1. Identify XP machines. The first step to take is to determine whether this is an issue that even applies to your practice. Task your designated IT person with running a report to identify which workstations in use in your practice are on the Windows XP operating system. If even just one machine uses XP, you will need to upgrade its operating system.
2. Analyze hardware. Before you can upgrade the operating system, you will need to determine whether the computer is capable of running a new operating system, such as Windows 7 or 8. Ask your designated IT person to assess the workstation's hardware resources, noting any technology in the machine that may present an obstacle to running a new system.
3. Determine whether to upgrade or replace the computer. If the workstation is capable of handling a newer operating system effectively, you can pay for the system license upgrade plus the fee to configure the computer for its use and continue to use the machine.
But if the workstation does not meet the new operating system's hardware requirements, you have a decision to make: invest in new hardware to bring the computer up to the new operating system's specifications or purchase a new machine. In many cases, the cost of upgrading an older machine's hardware and purchasing the new license will exceed the cost - and practicality - of purchasing a new workstation with a new operating system installed.
4. Plan the transition. Switching computers over from XP to a new operating system is no easy process. It takes time to upgrade existing systems and purchase new workstations, and time to configure the systems to work properly in your practice. Your staff may also require training on how to properly and effectively use the new operating system. Take all of these factors into consideration as you lay out your practice's plan and strategy to upgrade without causing a significant interruption in your operations.
Note: A component of this plan should include identification of which operating system you will upgrade to: either Windows 7 or Windows 8. While it may seem logical to upgrade to the newest operating system, that isn't necessarily the case. There is a steep learning curve with Windows 8 as the operating system is a complete revamp of Windows (e.g., there is no start button, there are apps instead of desktop applications and countless other little changes) that may confuse users, especially those who are not technically savvy. In addition, while Windows 8 touts its compatibility with Windows 7 applications, most IT vendors have already seen their fair share of issues arising from the way the new operating system handles applications. Work with your designated IT representative to identify the best operating system for your needs.
5. Proceed with the upgrade. With a plan in place, make the switch to the new operating system. Your workstation's operating system will now be in compliance with HIPAA and HITECH come April 8, and you have made your practice a more secure environment as well - a benefit to you and your patients.
Note: Many practices run legacy applications that need to be checked for compatibility with Windows 7. Windows 7 runs on a different core technology than Windows XP, so there are incompatibilities that must be identified before these applications can be properly installed on Windows 7. Often the developer of the incompatible software can be contacted for an upgrade (usually at an additional cost) that will allow the software to run properly on Windows 7.
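As an added illustration of steps 1 through 3 (not part of the original article and not PriorityOne Group's tooling), the following Python script triages a workstation inventory export: it flags Windows XP machines, compares their hardware against Microsoft's published Windows 7 minimum requirements, and marks machines with missing data for manual assessment. The CSV column names, host names and action labels are assumptions made for this example.

```python
import csv
import io

# Microsoft's published Windows 7 minimums, keyed by architecture.
# Graphics (DirectX 9 / WDDM 1.0) is not checked here.
WIN7_MIN = {
    "x86": {"cpu_mhz": 1000, "ram_mb": 1024, "free_disk_gb": 16},
    "x64": {"cpu_mhz": 1000, "ram_mb": 2048, "free_disk_gb": 20},
}

# Constructed sample inventory export (hypothetical hosts and column names).
SAMPLE_INVENTORY = """hostname,os,arch,cpu_mhz,ram_mb,free_disk_gb
FRONTDESK-01,Microsoft Windows XP Professional,x86,2400,2048,60
EXAM-02,Microsoft Windows XP Professional,x86,800,512,12
BILLING-03,Microsoft Windows 7 Professional,x64,3000,4096,200
XRAY-04,Microsoft Windows XP Professional,x86,1800,,30
"""

def triage_row(row):
    """Classify one workstation for steps 1-3 of the article."""
    if "windows xp" not in (row.get("os") or "").lower():
        return "not-xp", []
    minimums = WIN7_MIN.get((row.get("arch") or "").strip().lower())
    if minimums is None:
        return "assess-manually", ["arch"]
    shortfalls, unknown = [], []
    for field, needed in minimums.items():
        raw = (row.get(field) or "").strip()
        if not raw.isdigit():
            unknown.append(field)      # blank or non-numeric: do not guess
        elif int(raw) < needed:
            shortfalls.append(field)
    if shortfalls:
        return "replace-or-add-hardware", shortfalls
    if unknown:
        return "assess-manually", unknown
    return "upgrade-os", []

def triage(inventory_csv):
    """Return {hostname: (action, fields_behind_the_decision)}."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["hostname"]: triage_row(row) for row in reader}

if __name__ == "__main__":
    for host, (action, fields) in triage(SAMPLE_INVENTORY).items():
        print(f"{host:14} {action:24} {', '.join(fields)}")
```

A machine that passes these minimums still needs the legacy-application check described in the note above before it is scheduled for upgrade.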
Jason Romer is an enterprise account executive for PriorityOne Group, a New Jersey-based healthcare IT consulting firm.