As of January 14, 2020, Microsoft will be ending support for Windows 7, and this could affect your practice if you have computers still using Windows 7. The HIPAA Security Rule requires all Covered Entities to perform “periodic security updates” and have “procedures for guarding against, detecting, and reporting malicious software” (see HIPAA Security Rule, 45 C.F.R. § 164.308(a)(5)). If the software vendor no longer supports the software, that type of compliance will not be possible. According to the Microsoft website:

“If you continue to use Windows 7 after support has ended, your PC will still work, but it may become more vulnerable to security risks and viruses. Your PC will continue to start and run, but Microsoft will no longer provide the following support for your business: 

  • No technical support
  • No software updates
  • No security updates

To avoid security risks and viruses, Microsoft recommends you upgrade to Windows 10.”

So unfortunately, after January 14, 2020, any PCs on a provider’s network running Windows 7 will not be HIPAA compliant and will be in violation of HIPAA. There is no way to make Windows 7 HIPAA compliant after January 14, 2020 other than upgrading. This will also affect MIPS scores, as MIPS requires you to attest that your practice has completed a Security Risk Analysis (SRA) and implemented appropriate security policy. So, if your practice still has computers running Windows 7, now is the time to start planning your migration to Windows 10.

The good news is that most Windows 7 PCs can be upgraded to Windows 10 without being replaced. You can read more about it on Microsoft’s Windows 10 FAQ page here: The Microsoft website officially states that the “Windows 10 free upgrade through the Get Windows 10 (GWX) app ended on July 29, 2016”; however, ZDNet reports that most users are still able to upgrade for free (see

Feel free to reach out to me with questions. 

Peter J. Cass, O.D. 

VP Development, Practice Compliance Solutions