The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Is Windows 11 HIPAA Compliant?

Windows 11 is HIPAA compliant inasmuch as the operating system has the underlying security and administrative capabilities to support HIPAA compliance. In addition, Microsoft has confirmed that its in-scope cloud platforms and services are covered by the Microsoft Business Associate Agreement when used on a device running Windows 11.

With support for many editions of Windows 10 ending in October 2025, organizations using Microsoft services will be required to upgrade their operating systems to Windows 11. For most organizations currently using Windows 10, the upgrade process is straightforward. Provided devices meet minimum system requirements, programs, apps, and settings currently being used on the devices will be migrated automatically to the upgraded operating system.

For organizations currently using older Windows operating systems (i.e., Windows 7), the upgrade will not be so straightforward. Depending on the existing configuration, upgrading to Windows 11 may require a clean install, in which case programs, apps, and settings will not be migrated. In some cases, it will be necessary to purchase new hardware if, as is likely, devices using older Windows operating systems do not meet the minimum system requirements.

Windows 11 for Healthcare Organizations

Healthcare organizations using Windows 10 that are subscribed to a HIPAA compliant Microsoft 365 or Office 365 plan should have no problem upgrading to Windows 11 unless they are using any 32-bit programs or apps which are no longer supported. It will also be necessary to manually import or download the Timeline app, and programs such as 3D Viewer, OneNote, Paint 3D, and Skype if these apps or programs are being used by members of the workforce.

System administrators should also review the “Deprecated Features” and “What’s New” pages on the Microsoft website to identify features scheduled to be removed from the Windows 10 and Windows 11 operating systems, and what they will be replaced with. Only in very few circumstances will healthcare organizations be required to make any security or administrative adjustments in order to make Windows 11 HIPAA compliant.

HIPAA Compliance and Older Versions of Windows

Healthcare organizations using older Windows operating systems with Version 2002 of Office 365 (or earlier!) may have a bigger compliance problem than whether Windows 11 is HIPAA compliant. Microsoft stopped supporting Windows 7 in 2020 and Microsoft Security Essentials for Windows 7 in 2023. This means users stopped receiving software security updates, leaving devices vulnerable to security risks and viruses.

As a result, any HIPAA covered organization that is using Microsoft services and has not upgraded to Windows 10 (or that does not upgrade to Windows 11 by October 2025) will be in violation of HIPAA. This is because in 2014, HHS’ Office for Civil Rights published an FAQ relating to minimum operating system requirements for computer systems. The answer is relevant to HIPAA compliance and older versions of Windows for organizations still using them.

“The Security Rule does not specify minimum requirements for personal computer operating systems, but it does mandate requirements for information systems that contain electronic protected health information (e-PHI). […] Additionally, any known security vulnerabilities of an operating system should be considered in the covered entity’s risk analysis (e.g., does an operating system include known vulnerabilities for which a security patch is unavailable, e.g., because the operating system is no longer supported by its manufacturer).” [Bold text added for emphasis]

Is Windows 11 HIPAA Compliant? Conclusion

Windows 11 is HIPAA compliant provided any services used to create, receive, store, or transmit Protected Health Information are “in-scope” and covered by the Microsoft Business Associate Agreement. Healthcare organizations that experience issues upgrading from Windows 10 to Windows 11 should reach out to their Support Ambassador. Healthcare organizations using older Windows operating systems are advised to seek advice from a compliance professional with experience of Microsoft operating systems.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
