Windows XP and HIPAA Non-compliance
By Wyn Staheli, President, InstaCode Institute
For anyone who is not a computer techie, the announcement by Microsoft about discontinuing support for Windows XP may not mean much. However, from a HIPAA perspective, this is very important information because Section 164.308(a)(5)(ii)(B) of the HIPAA Security Rules includes an 'addressable' requirement of Protection from Malicious Software where covered entities need to implement "procedures for guarding against, detecting, and reporting malicious software".
Officially, after April 8, 2014, technical assistance for Windows XP will no longer be available. This means that there will be no more automatic updates protecting your PC. Your computer will still work, but without these updates it becomes more vulnerable to security risks and viruses.
Even if you have encryption and anti-virus software on your Windows XP computer, it won't help because the problem is related to the flaws in the operating system itself. Encryption protects communication to and from the computer, but not the computer itself. Anti-virus can help protect a computer, but that depends on what security flaws might be found in XP after Microsoft no longer supports it.
Here's what happens from the 'hacker' perspective. Microsoft releases an update (patch) for a supported operating system. Hackers review those patches and see if that same vulnerability exists in the old operating systems that are no longer supported. If so, then your old, faithful, reliable XP computer becomes a prime target no matter what encryption or anti-virus you have installed on it. If you have a security breach on that XP computer, you have not implemented appropriate safeguards to meet the HIPAA requirements.
If you still have reservations, read the following article, which was written by an Information Technology (IT) service provider: http://betanews.com/2013/09/02/5-big-myths-surrounding-computer-security-and-hipaa-compliance/
Before making any upgrades there are some key points to remember:
- Version choice: Windows 7 or 8 are your best options. Switching to Windows 8 has some distinct advantages when it comes to encryption; however, some IT professionals say that it has its own share of problems because it is a newer operating system.
- Your software: Talk to your medical billing software and/or EHR vendors to determine which Windows version they recommend to ensure compatibility.
- Discarding: Your old computer(s) cannot be discarded without taking the HIPAA-required steps of completely wiping the system. Just uninstalling software is insufficient and can lead to a breach.
- Learning curve: It takes time to learn a new operating system. Factor in extra time to adjust to the new system. Take classes if necessary.
Don't wait. With all the changes coming for ICD-10, do not put off this important task. You don't want to deal with two learning curves at the same time.
Wyn Staheli is the President of InstaCode Institute. For more information about HIPAA, ICD-10-CM, ICD-10-PCS, and medical coding and billing please visit FindACode.com where you will find the ICD-10 code sets and the current ICD-9-CM, CPT, and HCPCS code sets plus a wealth of additional information related to medical billing and coding.