URGENT NOTICE For all Healthcare Entities – Windows XP and Windows Server 2003


HIPAA Windows XP Server 2003Upgrade Now From Windows XP and Windows Server 2003 Or You Won’t Be HIPAA Compliant.

In less than six months Windows XP users won’t be able to get support from Microsoft; and in 2015 Microsoft Server 2003 support will be dropped as well. Hackers and cybercriminals know this is coming, and are getting ready to attack.  If they steal or compromise your protected health information (PHI), the U.S. government could hit you with hefty fines.

Your hospital, clinic, or other health care organization must upgrade your Microsoft software to remain HIPAA compliant. This also applies to your contractors, or any businesses you share PHI with.  If their information is breached, you’ll be considered at fault, and fined as well.

The HIPAA Security Rule Section 164.308 (a) (5) (ii) (B) states that health care entities must employ “procedures for guarding against, detecting, and reporting malicious software.” If you fail to upgrade to a secure operating system, you’re using “malicious software,” and directly violating HIPAA Security Rules. 

Issues With Windows XP and Server 2003  

Microsoft stopped selling Windows XP five years ago.  But approximately 40% of devices today continue running XP. Surprisingly, this includes medical facilities; plus many of them are also using Server 2003. All workstations, laptops and computer devices running Windows XP after April 8, 2014 will be non-compliant with HIPAA.  

It’s essential that you regularly review and inventory your entire IT system and computer devices to define risks and vulnerabilities. This is required under the HIPAA Security Rule, ARRA/HITECH/ (American Recovery and Reinvestment Act/ Health Information Technology for Economic and Clinical Health).

What To Do?

Start developing your strategy for moving your computers and medical devices away from Windows XP and Server 2003. And be sure to conduct regular security audits on your entire system to ensure you stay compliant.  Contact your IT provider for assistance.

For more information about:

HIPAA visit: https://www.hhs.gov/ocr/privacy/

ARRA visit: https://www.recovery.gov/Pages/default.aspx

HITECH visit: https://www.hhs.gov/ocr/privacy/hipaa/administrative/enforcementrule/hitechenforcementifr.html

We're Integris. We're always working to empower people through technology.

Keep reading

Nine Policies and Procedures for Compliance with HIPAA

Nine Policies and Procedures for Compliance with HIPAA

The HIPAA Security Rule was enacted in 1996 by the U.S. Congress, designed to establish national standards to protect individuals’ electronic personal health information used and/or stored by a covered entity. The HITECH act states that all healthcare providers will...