Change in Microsoft Support Could Lead to HIPAA Security Violation

February 21, 2014

Microsoft Corporation has announced that after April 8, 2014, it will no longer provide technical support and Microsoft Security Essentials downloads for the Windows XP Operating System (OS). In this announcement, Microsoft warns, “If you continue to use Windows XP after support ends, your computer will still work but it might become more vulnerable to security risks and viruses.” While Windows XP users will continue to receive anti-malware signature updates for a limited time, Microsoft will no longer provide security updates to this OS. Therefore, a PC using the XP OS will not be secure.

What does this mean for you?

HIPAA Security Rule requires all covered entities and their business associates have procedures for guarding against, detecting, and reporting malicious software. Providers and their business associates running Windows XP after April 8 will be at risk for a HIPAA violation, under the Administrative Safeguards section, 164.308 (a) (5) (ii) (B), of the HIPAA Security Rule.

How TMLT can help.

TMLT has developed a Toolkit to assist covered entities to review, revise, and comply with Texas and federal Medical Privacy and Security rules. TMLT can also perform a Privacy & Security Risk Assessment to determine your organizations risks, threats and vulnerabilities; for more information contact us at consultingwebmail@tmlt.org or call Stephanie Downing at 800-580-8658 extension 4884.

In addition, you should also check your servers while checking your OS.  Microsoft has also announced that it will no longer provide technical support to Window Server 2003 after July 15, 2015. Even though this date is more than a year away, server upgrades and replacements may take additional planning.

Previous Article
Changes TMLT Payment Options, Discounts, Coverage

To better serve you, TMLT is launching several changes and improvements to our policies and services.

Next Article
How Secure is Your Patient Portal?

Recently the National Cybersecurity and Communications Integration Center issues an alert concerning SSL 3....