If your group has not yet upgraded your IT operating systems and is still deploying Windows XP on some or all workstations, it has only until April 8, 2014 to domplete the tew OS as Windows XP will no longer be HIPAA or meaningful use compliant within six weeks.
Any group found to be using the outdated software will be breaching The Security Rule of the Health Insurance Portability and Accountability Act of 1996. Windows XP is now old and out of date with the software first sold in 2001. Microsoft has now made the decision to stop releasing patches and security updates for XP, rendering it obsolete. Since software updates are a requirement under the Security Rule, businesses will be forced to upgrade computer software. The cost of upgrading computer systems can be considerable, but the financial penalties organizations now face for HIPAA non-compliance are likely to be much higher.
Since the deadline for upgrading software only around 12 weeks away, it does not give institutions very long to effect the appropriate changes. Healthcare groups, government departments and all HIPAA-covered groups now looking to implement upgrades could face delays due to a shortage of available hardware and new installations can take time to put in place, especially with large healthcare groups using outdated hardware as PC´s and laptops may also need to be upgraded in order to run up to date operating systems. The message being issued is clear: Do not delay system upgrades and order software and hardware promptly and address in delays in receiving equipment.
The costs for healthcare organizations are considerable, although there are a number of cost effective options available which will ensure compliance that do not require all hardware to be renewed. Mobile devices, PC’s and laptops can be leased to ease the cost, and software can be rented rather than purchased. Data can be stored safely in the cloud reducing the need for onsite data storage and the hardware that requires.
Consult an IT professional for information on the best way to implement upgrades to minimize costs while ensuring HIPAA compliance and make sure that any business associate or supplier is made aware of HIPAA regulations. They must also complete a HIPAA business associate agreement.
It is not enough replace only those computers with network access, as data may be stored on individual PCs. Data should be sorted on a central system –this can be set up by your IT professional – and individual PC’s running Windows XP should be upgraded. If you have other programs or diagnostic tools which work with Windows XP it is advisable to contact the vendor of the software. All systems will need to be updated and any diagnostic tools or programs written to work with windows XP must also be upgraded.
Professional software packages must be used due to the additional security measures put in place. Home software editions cannot be deployed for business use as they lack the necessary safeguards to protect patient health data. It is also important that computer systems are set up by qualified IT workers. Simply buying the software is not enought in itself to ensure compliance and data security.
With only 12 weeks to go until software systems need to be upgraded it is crucialthat action is taken promptly to ensure continued HIPAA and Meaningful Use compliance.