
Upgrade from Windows XP to Remain HIPAA Compliant

By Wes


Support for the Windows XP computer operating system is being discontinued, meaning security updates required by HIPAA are no longer available. Here is what you need to know to manage the transition to HIPAA-compliant alternatives.


REPLACE WINDOWS XP WORKSTATIONS. You can use workstations powered by Windows 8 Pro License instead.
CONDUCT A HIPAA RISK ASSESSMENT. Ensure you document that your replacement operating system is HIPAA compliant.
AVOID PENALTIES. Failure to transition to another operating system could compromise patient privacy and expose the practice to penalties and fines.

Support for the Windows XP computer operating system, so commonly used in optometry offices, ends April 8, 2014. That means that if you have computers or other devices or instrumentation in your office running on Windows XP, security patches and upgrades will no longer be provided by Microsoft. Without those security patches and upgrades, your computers and other devices and instrumentation will no longer be HIPAA compliant. Here are some of the key points you should know about the transition you will need to implement to ensure HIPAA compliance.

Forty percent of the computers in offices are running on Windows XP, according to Microsoft. That percentage is probably higher for optometry, and probably is pushing 60 percent in this industry.


The best solution is to replace the XP workstations with workstations that have the Microsoft Windows 8 Pro license. Then downgrade the system to Windows 7 Pro, because much of the industry software doesn’t run well or at all on Windows 8. However, with the Windows 8 license a practice will be able to upgrade back to Windows 8 without paying for the license again when Microsoft ends the life of Windows 7 in a few years. By then all of the industry software will work on Windows 8. Plus, you will know that the workstation is powerful enough to run Windows 8 as opposed to upgrading an existing workstation. This will give you the lowest total cost per workstation over a five-year period.

Editor’s Note: Windows XP was a HIPAA-compliant solution for ODs for 12 years. This is a significant upgrade that should keep your practice’s operating system HIPAA compliant for some years to come. If you have a computer that is running XP, you must upgrade–no exceptions–to be HIPAA compliant.


Conducting a HIPAA risk assessment is required by HIPAA regulations, and during the course of the risk assessment your practice technology infrastructure is evaluated. The risk assessment report will provide the required documentation to show that the practice has a technology infrastructure that is compliant with HIPAA regulations, in the case of an audit.



Transitioning from Windows XP to a HIPAA-compliant system is the right thing to do for your patients, as well as a mandate. Those who don’t will face potential fines if ePHI is exposed in a data breach of a system that was compromised by malicious software because it was no longer getting security updates.


Wes Strickling is founder and CEO of Codex Techworks in Columbus, Ohio. The firm specializes in the hardware and software used in optometric practices. To contact him:
