By Peter J. Cass, OD
Dec. 4, 2019
As of January 14, 2020, Microsoft will end support for Windows 7, and this could affect your practice if you still have computers running Windows 7.
Here is why an operating system update impacts HIPAA security, and other vital practice functions, and what to do about it.
HIPAA Requires Security Updates
The HIPAA Security Rule requires all Covered Entities to perform “periodic security updates” and have “procedures for guarding against, detecting and reporting malicious software” (see HIPAA Security Rule, 45 C.F.R. § 164.308(a)(5)).
If the software vendor no longer supports the software, that type of compliance will not be possible. According to the Microsoft web site:
“If you continue to use Windows 7 after support has ended, your PC will still work, but it may become more vulnerable to security risks and viruses. Your PC will continue to start and run, but Microsoft will no longer provide the following support for your business:
· No technical support
· No software updates
· No security updates
To avoid security risks and viruses, Microsoft recommends you upgrade to Windows 10.”
Risk Of No Longer Being HIPAA Compliant
That means that after January 14, 2020, any PC on a provider’s network running Windows 7 will not be HIPAA compliant and will be in violation of HIPAA. There is no way to make Windows 7 HIPAA compliant after January 14, 2020, other than upgrading.
This will also affect MIPS scores as MIPS requires you to attest that your practice has completed a Security Risk Analysis (SRA) and implemented appropriate security policy. Not keeping your operating system up to date would be inappropriate security policy. So, if your practice still has computers running on Windows 7, now is the time to start planning your migration to Windows 10.
The good news is most Windows 7 PCs can be upgraded to Windows 10 without being replaced. You can read more about it on Microsoft’s Windows 10 FAQ page here: support.microsoft.com/windows-10-upgrade-faq.
The Microsoft web site officially states that the “Windows 10 free upgrade through the Get Windows 10 (GWX) app ended on July 29, 2016”; however, ZDNet reports that most users are still able to upgrade for free.
Always Get the Latest Operating System
My own practice is not using any Windows 7 PCs at this point. We made the switch gradually as we purchased new computers (Windows 10 was released in July 2015).
Any time I purchase new computers to replace existing ones, I make sure to get the latest operating system. We have workstations of varying ages, and we replace individual PCs as they break or slow down. Replacing PCs one at a time spreads out the cost, time and frustration associated with upgrading hardware, making it more manageable.
Keep Computers Up to Date & Operating Systems Will Be Up to Date, Too
For most practices, the switch to a new operating system is fairly seamless, as new PCs are typically added to replace old ones. The new PCs have the new operating system, and so it is just a fresh new computer for the employee. Windows has been fairly consistent with upgrades, keeping features and use familiar and compatible with older versions.
Will Your Diagnostic Equipment & Analytics Software Integrate with the New Operating System?
Practices should check with their EHR vendors before installing new computers/operating systems. You may also need to talk to equipment vendors, if the equipment has a built-in computer running on an older operating system. In my practice, we contacted our EHR vendor to confirm that its software was able to work with our new operating system.
Some older pieces of equipment are unable to run Windows 10, and will have to be replaced. Some devices will not work on Windows 10, and may need updates from the manufacturer.
For example, when we updated the computer that our topographer was attached to, the topography software no longer worked. We contacted the vendor, and were told we needed an updated version of the software. We were beyond the warranty period for the topographer, so we were charged for the software, but the rep did come out to reinstall the device and transfer the patient data.
In addition, many software programs that run in the background such as data analytic software (like ABB Analyze, Powered by Glimpse, or EDGEPro by GPN Technologies), phone system software and remote-access software could be affected by an operating system update, so it is important to also consult with those vendors before implementing the update.