Not only will we not work on these PCs, but when we come into your office, we’ll unplug them. How could a user-centric, full-service, proactive I.T. firm do this to a client? How could we not? These computers are running Windows XP, and that’s a serious problem.

If you are a doctor’s office, dental practice, vision care center, hospital, physical therapist, psychologist or other health care provider and you have even one computer running Windows XP, you now have security flaws which can negatively affect your HIPAA compliance. The rules say that reasonable actions have to be taken to secure your technical environment from security threats.

Even if you’re not using that specific computer for transmitting insurance claims, health updates or billing information, it’s still touching the rest of your network and it may put the entire network at risk. Support from Microsoft for Windows XP ended on April 8, 2014. This means no more updates, no patches and no support for the operating system, so you’re unable to keep the network compliant with the rules set forth by HIPAA.

It’s incredibly risky to the privacy of your clients, to the security of your network and the finances of your business. The fine for a violation due to willful neglect is $10,000 per violation. HIPAA violations have resulted in fines of up to $200 per record. How many patients have you seen in the last several years? You’ve got records on all of them … times $200 each? Can you afford $50k? The Department of Health and Human Services has an entire enforcement division just looking for problems.

What Can You Do To Protect Yourself?

Remove them. Take all Windows XP machines off your network immediately. Ideally, you should turn them off and unplug all network and internet connections. Get new Windows 8.1 systems. I guarantee they cost less than $10,000.

Repurpose or recycle. If you can’t bear to part with it, take it off the network and make it a games machine for children in the waiting room. Or give it to your own kids. Or take it to an electronic recycler.

The Most Important Thing To Do

Conduct an annual security analysis. This is the first thing you can do to keep yourself in compliance. Failure to do this means you’re not in compliance with HIPAA regulations, whether you have XP or not. Your I.T. department or your I.T. service firm should already be doing this.
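Before you can unplug the XP machines or document them in your annual security analysis, you need to know which ones are still on the network. The following inventory script is an added example written for this post, not code from the original article or from any vendor; it assumes your office computers are joined to an Active Directory domain and that the RSAT ActiveDirectory PowerShell module is installed on the machine you run it from.

```powershell
# Added example: list domain-joined computers that still report Windows XP.
# Assumption: an Active Directory domain and the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

# OperatingSystem is written to AD by the machine itself when it joins or starts,
# so this is a good first pass, but not proof: confirm in person or with a scan.
$xpHosts = Get-ADComputer -Filter 'OperatingSystem -like "Windows XP*"' `
    -Properties OperatingSystem, OperatingSystemServicePack, LastLogonDate, IPv4Address

# Show the most recently active XP machines first; those are still on the network.
$xpHosts |
    Select-Object Name, OperatingSystem, OperatingSystemServicePack, LastLogonDate, IPv4Address |
    Sort-Object LastLogonDate -Descending |
    Format-Table -AutoSize

# Keep a dated copy as evidence for the annual security analysis.
$stamp = Get-Date -Format 'yyyy-MM-dd'
$xpHosts |
    Select-Object Name, OperatingSystem, LastLogonDate, IPv4Address |
    Export-Csv -Path ".\windows-xp-inventory-$stamp.csv" -NoTypeInformation

if ($xpHosts) {
    Write-Warning ("{0} Windows XP computer(s) still exist in the domain." -f @($xpHosts).Count)
} else {
    Write-Output "No Windows XP computers found in Active Directory."
}
```

Machines that were never joined to the domain (a workgroup PC, a vendor-supplied imaging or lab workstation) will not show up here, so walk the office and check the network closet as well.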

Not sure if you’re at risk? If you’re in the Fresno/Clovis area, feel free to call us at (559) 485-4335 to find out.

Sources:

http://privacyruleandresearch.nih.gov/pr_06.asp
http://www.hhs.gov/ocr/privacy/hipaa/enforcement/index.html
http://www.ama-assn.org/ama/pub/physician-resources/solutions-managing-your-practice/coding-billing-insurance/hipaahealth-insurance-portability-accountability-act/hipaa-violations-enforcement.page?
http://www.gpo.gov/fdsys/search/pagedetails.action?collectionCode=CFR&searchPath=Title+45%2FSubtitle+A%2FSubchapter+C%2FPart+164%2FSubpart+C&granuleId=&packageId=CFR-2007-title45-vol1&oldPath=Title+45%2FSubtitle+A%2FSubchapter+C%2FPart+164%2FSubpart+D&fromPageDetails=true&collapse=true&ycord=0