Let’s put Windows XP in perspective

DecisionBase feels fortunate to have IT partners like CherryTopIT who put their clients first.

We thought we should share their views on HIPAA and Windows XP.

  

CherryTopFridayThoughts – March 21, 2014

– Special Edition –

Let’s put Windows XP in perspective after April 8, 2014

As we approach April 8, 2014, the end of Windows XP's life, of extended support, and of the release of security updates, we would like to help put this in perspective and show where you may stand.

Contrary to the “hype” you may have received from IT companies anxious to get your attention and to sell you things, the use of Windows XP after April 8, 2014 (according to the California Dental Association) will not, in and of itself, be a HIPAA violation. The CDA clearly explains this in their article dated January 27, 2014, which you can find here:

http://www.cda.org/NewsEvents/Details/tabid/146/ArticleID/2004/Clarifying-HIPAA%E2%80%99s-impact-on-using-Windows-XP-in-the-dental-office.aspx.

 

I have long felt this was the correct position, but, without the corroboration of a gigantic organization like the CDA, their legal resources and incumbent international scrutiny, I did not feel comfortable in sharing this opinion.

Should you decide to continue to use your XP computers, the following article by Jefferson Graham in USA Today on March 20th is worth your review:

http://www.usatoday.com/story/tech/columnist/talkingtech/2014/03/20/windows-xp-antivirus-software/6578647/

 

Will Windows XP be gone completely from your office, or from many others, by April 8? 

I sincerely doubt it.

  • There are many i-CAT capture machines running Windows XP. I know of no clients who have received a call from Imaging Sciences making them aware of the need to change their operating systems or update their computers before April 8th.
  • I have not been informed that Carestream is rushing to replace any of their CBCT capture systems, many running Windows XP, on networks we manage.
  • Several of our clients have Vatech or Planmeca CBCT capture systems, and, as of this moment, I am unaware of any campaign to replace these systems, many running Windows XP.

 

Yes, you as the provider of care are responsible for the privacy of your patients’ data.

What should we do now in light of HIPAA, Microsoft, and your aging systems?

One: Create and document a plan to move beyond Windows XP for functional as well as security reasons. This, according to the CDA, will satisfy HIPAA requirements. (Yes, we eventually need to replace all of your Windows XP PCs.)

Two: Add network perimeter defense and Internet access control with a filtration firewall like the NETGEAR UTM (Unified Threat Management) device. You already have a barrier (firewall) separating your network from the outside world, making it hard to break into your network, but it is not filtering the data that is being brought in constantly by access to the Web. This UTM has four filtration engines. This device was tested, along with five others, and found to be 99.7% effective against 3700-plus random threats. We have slowly begun rolling this UTM out to our clients over the last year, observing the performance and results, and it is working very well. This provides a robust, but not complete, solution.

Three: Get on the latest version of Symantec Endpoint Protection (formerly Symantec AntiVirus) and keep it up-to-date. In the past you purchased Symantec AntiVirus software for your network and server when we replaced your server every five years or so. You received signature updates for the life of the product without additional fees. This was before the serious ramp-up in malware and other threats. Things are much more complicated now. SEP watches each system for signatures and signs of a problem, but, unlike the firewall, it has the ability to watch the computer code being executed (heuristics). A yearly subscription for the daily updates and version updates is now critical.

 

What, specifically, needs to be done before April 8, 2014 to be HIPAA compliant?

We can help you:

  • Begin the HIPAA assessment process. Detail your computers, network equipment, software and operating systems. Outline what you plan to change and on what projected timeline. A paragraph or two in length, this will begin the full HIPAA assessment process with the most pressing issue, the retirement of Windows XP.
  • Significantly increase your perimeter protection with the NETGEAR UTM firewall.
  • Bring Symantec Endpoint Protection current and keep it there.
  • Lastly, identify and plan for a full assessment of security considerations and best practices as detailed in HIPAA and subsequent revisions. Change is good. But on your schedule and on your budget.

Thanks for your support

Looking forward to the arrival of spring and the opportunity to have many more springs serving you and your practice. I hope you have a great weekend! 

W. Dick Luchtman  http://www.cherrytopit.com/
