Running Windows XP means you are non-compliant and open to liability
On April 8, 2014, Microsoft is ending security updates and patches for Windows XP and Office 2003. After this date, Microsoft will not release any security patches or updates for Windows XP. This will effectively make Windows XP non-compliant with HIPAA / HITECH after Microsoft support ends. Just having a Windows XP computer on your network will be an automatic HIPAA violation— which makes you non-compliant with Meaningful Use— and will be a time bomb that could easily cause a reportable and expensive breach of protected patient information. HIPAA fines and loss of Meaningful Use money can far outweigh the expense of replacing your old computers.
The HIPAA Security Rule specifically requires that you protect patient information with system patches and updates, which will not exist for Windows XP and windows server 2003 after April 8. NIST guidance goes into more detailYour computers will NOT die after April 8th. But what will happen is you will see vendors start phasing it out and not supporting it anymore.
Getting rid of Windows XP sometimes means replacing both hardware and software. Consider replacing desktops. Computers are not as expensive as they used to be. Systems start as low as $250.
Goodbye Windows XP
Windows XP was released August 24, 2001 and has been widely deployed in homes and corporate environments alike. In the Healthcare arena, XP may be found on workstations used by clinical staff, CT machines, and other critical medical devices.
Most of these devices are connected to the network to connect to EHR/EMR systems, so simply disconnecting them is not an option. In addition, many of these devices are running old and proprietary applications that may not run on a newer operating system such as Windows 7 or 8.
What can an IT pro do when faced with this dilemma? In an ideal world your systems would already be off XP or you would be well into a migration effort. However, some of us have inherited this problem and must find a solution that not only addresses this problem, but also does so in a cost effective manner. Ideally, you will even have the opportunity to make technical improvements in your infrastructure, enhance security and manageability of your systems, and provide your clinical staff with a more efficient computing environment.
Evaluate your current situation
Getting your vendors involved is very important at this stage. You will want to find out about how to move to newer versions of their software which are compatible with Windows 7 or beyond. If you have current maintenance you may just need to download their newest software and apply your testing process. If you are not in maintenance, you may face pricey upgrades to move to their new platform.
Another option may be to run the application on a terminal server and have your clients access the application via a remote desktop connection.
Lastly you will also want to do an assessment on your medical devices to see which of these systems may be impacted by the Windows XP "sunset".
Your next steps are to evaluate your current workstations. Do they have the resources to run a newer version of Windows? If so you can exercise your volume licensing upgrade options, or purchase the proper licensing to upgrade your environment. A more likely scenario would be that you have old workstations that are overdue for replacement anyway, in which case, upgrading would not be practical.
You can look at simply replacing your desktops with new shiny boxes and work on your migration plan for applications and user data. Another option you may strongly consider is implementing a VDI (virtual desktop infrastructure).
Now is the time to take action. Start working on your strategy for moving your computers and medical devices off Windows XP. Size up your vendor support for upgrading to a newer OS, get an inventory of your impacted devices, and evaluate how you will update your endpoints. Moving to a newer operating system will help you provide a more secure environment in your facility and ensure compliance with HIPAA / HITECH.
Call our friendly technical support staff today for and evaluation and help upgrading your systems. 347-371-3311 or 718-673-8192