Is Windows XP HIPAA-compliant?


            Just 12 Weeks to Get Rid of Windows XP

            By Mike Semel
            Twitter: @SemelConsulting

            Time’s up. On April 8, 2014, Microsoft is ending security updates and patches for Windows XP and Office 2003. Just having a Windows XP computer on your network will be an automatic HIPAA violation, which makes you non-compliant with Meaningful Use, and will be a time bomb that could easily cause a reportable and expensive breach of protected patient information. HIPAA fines and loss of Meaningful Use money can far outweigh the expense of replacing your old computers.

            The HIPAA Security Rule specifically requires that you protect patient information with system patches and updates, which will not exist for Windows XP after April 8. NIST guidance goes into more detail. In the early days of computers, you upgraded your systems based on the introduction of new Intel chips and Microsoft operating systems. This cost thousands of dollars per user every few years. Everything settled down, and now you have to replace Windows XP computers that may have been in use for 14 years. Yes, they may still work, but are you driving a 14-year-old car or watching a 14-year-old TV? Get past any denial and accept the fact that compliance regulations and Meaningful Use money require you to do this.

            Updated: 23 Aug 2017 10:56 AM