25% off all training courses Offer ends July 30, 2026
View HIPAA Courses
25% off all training courses
View HIPAA Courses
Offer ends July 30, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Windows XP No Longer HIPAA Compliant

If your organization has not yet upgraded your IT operating systems and is still using Windows XP on some or all workstations, it has only until April 8, 2014 to migrate to a new OS as Windows XP will no longer be HIPAA or meaningful use compliant in six weeks.

Any organization found to be using the outdated software will be in violation of The Security Rule of the Health Insurance Portability and Accountability Act of 1996. Windows XP is now old and out of date with the software first introduced in 2001. Microsoft has now made the decision to stop issuing patches and security updates for XP, rendering it obsolete. Since software updates are a requirement under the Security Rule, companies will be forced to upgrade computer software. The cost of upgrading computer systems can be considerable, but the financial penalties organizations now face for HIPAA non-compliance are likely to be substantially higher.

Since the deadline for upgrading software is just 12 weeks away, it does not give institutions very long to effect the appropriate changes. Healthcare organizations, government departments and all HIPAA-covered entities now looking to implement upgrades could face delays due to a shortage of available hardware and new installations can take time to roll out, especially with large healthcare organizations using outdated hardware as PC´s and laptops may also need to be upgraded in order to run up to date operating systems. The message being issued is clear: Do not delay system upgrades and order software and hardware promptly and factor in delays in receiving equipment.

The cost implications for healthcare organizations are considerable, although there are a number of cost effective options available which will ensure compliance that do not require all hardware to be upgraded. Mobile devices, PC’s and laptops can be leased to spread the cost, and software can be rented rather than purchased. Data can be stored securely in the cloud reducing the need for onsite data storage and the hardware that requires.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Consult an IT professional for advice on the best way to implement upgrades to minimize costs while ensuring HIPAA compliance and make sure that any business associate or supplier is made aware of HIPAA regulations. They must also agree to sign a HIPAA business associate agreement.

It is not sufficient to replace only those computers with network access, as data may be stored on individual PCs. Data should be held on a central system –this can be set up by your IT professional – and individual PC’s running Windows XP should be replaced. If you have other programs or diagnostic tools which operate under Windows XP it is advisable to contact the vendor of the software. All systems will need to be updated and any diagnostic tools or programs written to work with windows XP must similarly be upgraded.

Professional software packages must be used due to the additional security measures incorporated. Home software editions are not suitable for business use as they lack the necessary safeguards to protect patient health data. It is also essential that computer systems are set up by qualified IT professionals. Simply purchasing the software is not sufficient in itself to ensure compliance and data security.

With only 12 weeks remaining until software systems need to be upgraded it is essential that action is taken promptly to ensure continued HIPAA and Meaningful Use compliance.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist