Dr. Bornstein, Donald Trump’s personal doctor, has received more attention from his use of Windows XP than his comments about Mr. Trump’s health.
So, does Windows XP violate HIPAA policies? No, well kinda. And to me, YES!
Here’s the deal. Windows XP alone does not equate to a HIPAA violation. The security rule doesn’t mandate minimum operating system requirements for covered entities. It does, however, set requirements for information systems that contain electronic protected health information. “The security capabilities of the operating system may be used to comply with technical safeguards, standards, and implementation specifications such as audit controls, unique user identification, integrity, person or entity authentication, or transmission security,” according to the U.S. Department of Health and Human Services.
Where does this leave us? As a 16-year technology professional in the healthcare sector, I believe the risk of running Windows XP is far too high. Period. Since Microsoft no longer supports Windows XP and does not create security patches to protect the OS, it should not be used.
So what do you do? You upgrade to Windows 7, or better yet, Windows 10. The monetary investment is a lot cheaper than a fine from the OCR. Plus, you are responsible for protecting your patients’ health records and Windows XP doesn’t cut it.
Talk to your technologist and create a roadmap to compliance. Or if you do not have a technologist, contact us to help create your technology roadmap.