Can I use Windows 7 and / or Windows Server 2008 and still be HIPAA compliant?
On 14 January of this year, Microsoft ended support for its Windows 7 and Windows Server 2008 workstation and server operating systems. This meant that neither Windows 7 nor Windows Server 2008 would receive any additional security updates or support from Microsoft. Based on this, I believe that the short answer is no.
The HIPAA Security Rule requires that all software used by Covered Entities and their Business Associates be kept up to date with updates from the [software] manufacturer. This includes the Electronic Medical Records (EMR), Electronic Health Records (EHR) and Practice Management software as well as the operating systems. In the case of Windows 7 and Windows Server 2008, since the manufacturer [Microsoft] no longer provides support or updates, this simply is not possible, even if your EMR, EHR, Practice Management software or similar still provides support.
In addition to losing HIPAA compliance, the continued use of Windows 7 or Windows Server 2008 by a Covered Entity or their Business Associate could be problematic for Covered Entities attesting under MIPS for Meaningful Use, since Meaningful Use requires that the Covered Entity attest that they are HIPAA compliant.
Are you a HIPAA Covered Entity or Business Associate with HIPAA Compliance Requirements looking to leverage technology and enable your business and workforce to work smarter and more efficiently? Do you already have computers, servers, firewalls, VPNs or other technology that you’re not taking full advantage of or that’s in need of an upgrade? Are you looking for an IT Service Provider who understands your business’s needs and the challenges that you face and who can work with you to grow your business rather than just sell you billable time?
Cyber Tech Cafe is an IT Service Company with a focus on helping businesses get the most out of their technology investment. We understand the challenges you face and have designed our service offerings to help you get the most out of your technology dollar. We offer on-call, as-needed support if you just need a quick fix or an extra set of hands right now. We also offer maintenance plans, which we call MyIT, that are designed to address the most common concerns (user management, patch management, data protection, disaster recovery / backup, log review, etc.). They are based on the number of workstations and servers that you have and have no term contract. We believe that, if you find value in what we’re doing, you’ll find a way to keep us around without a contract saying that you have to.
If you have questions about the MyIT plans or have an IT need that you need addressed right now, let us know. We look forward to the opportunity to earn your business.