HIPAA AND THE WINDOWS OPERATING SYSTEMS: XP, VISTA, 7, 8 AND 10
Microsoft operating systems continue to evolve. The new ones replace the old ones and eventually, support of the old ones stops. When no longer supported, they are defenseless to current threats, vulnerable to cyber attacks and no longer acceptable to HIPAA.
Here is a brief review of Microsoft’s recent operating systems and their HIPAA status.
WINDOWS XP 1 was retired and no longer supported on April 8, 2014. Having a Windows XP computer on your network is a HIPAA violation.
WINDOWS VISTA 2 – The consumer editions were retired and no longer supported on April 10, 2012.
The business edition switched from mainstream support to extended support on April 10, 2012 and the extended support will end on April 17, 2017. On this date, having a vista computer on your network will be a HIPAA violation.
WINDOWS 7 3 as of January 13, 2015, mainstream support ended and extended support was made available, and will be available until January 14, 2020.
This change in support status applies to all home and business versions of Windows 7 (Home Basic, Home Premium, Ultimate, Enterprise and Starter).
Extended support is acceptable to HIPAA provided your machines have the most current updates with particular attention to the security patches.
On January 14, 2020, Windows 7 will be retired, no longer supported, and having a Windows 7 computer on your network will be a HIPAA violation, assuming the rules stay the same.
(ALSO, Windows Server 2008 is subject to these same conditions and dates.)
WINDOWS 8 (and 8.1) 4 were retired and no longer supported on January 16, 2016. Having a Windows 8 or 8.1 computer on your network is a HIPAA violation.3
WINDOWS 10 5 Microsoft has yet to release instructions regarding 10 and its HIPAA and HITECH compliance. Until they do, due to Cortana, the Microsoft verbal search persona and tool, Windows 10 may violate HIPAA if you deal with PHI. The issue is Windows 10 shares Cortana search results with Bing.
Only Windows 10 Enterprise allows you to turn off data collection to abort the Cortana sharing issue.
Windows 7 is an acceptable system until 2020.
Windows 10 is a question mark.
The other Windows systems XP, VISTA*, 8.0 and 8.1 are no longer acceptable per HIPAA rules.
* becomes unsupported on 4/11/2017
For more information and details regarding these systems please see these articles:
1 XP ~ Mike Semel; http://www.hitechanswers.net/hipaa-meaningful-use-compliance-windows-xp/
2 Windows Vista ~ Ed Bott
~ Richard Hay
3 Windows 7 ~ eMazzanti https://www.emazzanti.net/end-of-mainstream-support-not-the-end-of-the-road-for-windows-7-and-windows-server-2008/
4 Windows 8 ~ Gordon Kelly
5 Windows 10 ~Cathy Reisenwitz http://blog.capterra.com/hipaa-compliance-and-windows-10-5-things-you-need-to-know/
Dale Brodsky, Founder & Owner of Fundus Photo — provides a broad range of ophthalmic imaging equipment and Fundus Photo’s “NewVision Ophthalmic Imaging Suite”, software designed specifically for ophthalmic imaging and image management.