Are you using Windows XP? You may need to upgrade April 4, 2014 General HIPAA Security Rule, Health Information Technology, HIPAA 0 Physician offices using Windows XP should be aware that Microsoft will no longer be providing support for Windows XP after April 8, 2014. This means that updates, bug fixes, security patches and troubleshooting will not be available for systems operating Windows XP, making such systems vulnerable to security risks. While the California Medical Association (CMA) has received concerns from physicians who are being told that they will be in "automatic violation of the Health Information Portability and Accountability Act (HIPAA)" for using Windows XP after April 8, the HIPAA security rule does not specifically mandate any minimum operating system requirements. Physician offices using Windows XP however, should be aware that continuing to use an unsupported operating system without the proper maintenance in place to protect electronic patient health information (PHI) increases their risk of security breaches. The HIPAA security rule requires a security management process, which means the development and implementation of policies and procedures to prevent, detect and correct potential risks and vulnerabilities to electronic PHI. An unsupported operating system should be identified as a risk and physician practices using Windows XP should conduct a risk assessment to determine the appropriate measures to reduce any risks to electronic PHI, including upgrading to a more current, supported operating system. For more information, see CMA On-Call document #4102, "HIPAA Security Rule." On-Call documents are available free to members in CMA's online health law library at www.cmanet.org/cma-on-call. Nonmembers can purchase On-Call documents for $2 per page. Contact: CMA Center for Legal Affairs, (800) 786-4262 or legalinfo@cmanet.org. Comments are closed.