Windows XP Use May Violate HIPAA Starting April 8, 2014

By Rose Willis and Jared Smith

If you use Windows XP on April 8, you will be easily susceptible to cyber-attacks and violations of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).

Windows XP support is ending on April 8, 2014, when support and security updates will no longer be available. This means that (according to Microsoft) you will become five times more vulnerable to security risks and viruses.

Further, the HIPAA Security Rule requires Covered Entities to maintain “[p]rocedures for guarding against, detecting and reporting malicious software” where reasonable and appropriate. When Microsoft discontinues its Windows XP support and security updates, Covered Entities using Windows XP will no longer be compliant with the HIPAA Security Rule’s directive.

Many small and medium sized healthcare providers still use Windows XP. Those providers must take these steps prior to April 8 to ensure their continuing compliance with HIPAA:

  • Determine whether you can upgrade your workstations to the new Windows operating system. According to Microsoft’s website, an upgrade will cost you $199.00. Your ability to upgrade is based on the age of your computer.
  • Get a new Windows PC. If you cannot upgrade, you will need to purchase new computers with secure operating systems.

Please contact your Dickinson Wright attorney if you need assistance on this issue.