Windows XP Is Out of Compliance with HIPAA
On April 8, 2014, Microsoft ended support for Windows XP. As a result, it has discontinued security updates and technical support for the product. Dental practices that fail to upgrade to a supported system will be exposed to security breaches and are out of compliance with HIPAA and Payment Card Industry (PCI) requirements.
In late 2013, Henry Schein began communicating with customers about the end of Microsoft’s support for Windows XP and why it is important to use an operating system that is supported:
- Virus and security-breach vulnerability. Without support for Windows XP, systems will be vulnerable to new spyware, hacks and Internet security breaches—all of which put your data at risk.
- HIPAA compliance. It is unknown if, or how quickly, Windows XP could become a security risk to electronic health information now that Microsoft has discontinued support. This needs to be addressed in your practice’s HIPAA risk analysis. For example, your risk analysis must include any known vulnerabilities of an unsupported operating system and how you will address those risks. See the Department of Health & Human Services website for more information on HIPAA.
- PCI compliance. If Windows XP is in your cardholder data environment (CDE), your business will be out of compliance as of April 9, 2014, regardless of when your annual compliance validation is scheduled to take place. PCI DSS Requirement 6.2 states:
  "Ensure that all system components and software are protected from known vulnerabilities by installing applicable vendor-supplied security patches. Install critical security patches within one month of release." (Source: www.pcisecuritystandards.org)
- Lost revenue. Old, unsecured systems are easily compromised, and malicious software can then take control of your computers, resulting in slower workflow, unreliable operation and system crashes. That means operatory downtime and low productivity, which drags down your bottom line.
We strongly recommend that dental offices use an operating system that is supported by the manufacturer in order to comply with HIPAA rules and PCI Data Security Standards and to ensure that their data is as secure as possible.
Upgrading Your Software
When your office decides to upgrade software as part of your comprehensive data security program, we recommend that you work with your IT hardware solution provider to ensure that your computer and software meet the requirements and to ensure that you are getting the most out of your dental software. If you do not have an IT hardware solution provider, contact Henry Schein TechCentral to learn about how thousands of other offices have solved their computer challenges.
As always, if you have questions or concerns about what the end of Windows XP means for you and your office, don’t hesitate to contact us at 888-988-4804.
Nate Nelson, Product Marketing Manager