Windows 7 Support is Ending
The HIPAA Security Rule requires that all software used by Covered Entities and Business Associates be kept current with updates from the software vendors. When a vendor drops support for a software program, it can no longer be used by the practice.
Microsoft has announced that it will end support for Windows 7 on January 14, 2020. After January 14, 2020, having any Windows 7 computers in your office will be a HIPAA violation since it will no longer be HIPAA compliant.
Having Windows 7 computers in the office after January 14, 2020 will also cause issues if you attest for MIPS. Part of the MIPS attestation is stating that you are in compliance for HIPAA regulations.
Take Inventory of Your Office Computers
If you have not already taken an inventory of the computers in your office, you need to make this a priority. If you have any computers running Windows 7, you will need to upgrade or replace the computer.
If you replace the computer, you should take the old Windows 7 computer physically out of the office to avoid any HIPAA compliance issues. You should also remind all staff that they should not bring Windows 7 computers or laptops into the office.
Make sure you take a thorough inventory of the computers in your office. Computers and laptops used by the office staff, therapists, and patients all need to be checked.
If your phone system runs on a computer, you will need to check it. If you have a fax server that uses a computer, you will need to check it.
Other operating systems that are no longer supported include Windows XP, Windows Server 2003, and Windows Server 2008. Windows 8 will still be supported until 2023 but it may be a good idea to update those computers as well at this time.
The Windows 7 Operating System has been very popular and many users are still using it. In fact, I just replaced my Windows 7 computer this past month, it was the last Windows 7 computer in our company.
Make a Plan to Upgrade Your Computers
After you have taken an inventory of the computers in your office, decide which ones can be upgraded and which ones will need to be replaced.
Don't forget to build in some time for training, the new Windows 10 operating system and software may take some time to get used to and additional training may be needed.
One final issue if you replace computers in the office. The computer may contain Protected Health Information so the hard drive should be wiped or destroyed before they are removed from the office.
If you use an outside service to destroy or dispose of the hard drive, make sure they provide you with a certification of destruction that you can add to your HIPAA documentation to show your due diligence in destroying the Protected Health Information.
Proper record keeping is essential in case you are selected for a HIPAA audit. With an increase in HIPAA violation fees, poor documentation can become very costly.