Keeping Your Small Healthcare Business HIPAA Compliant in 2020
By now you’ve heard that the well-loved Windows 7 Operating System, in all its various forms, has reached the end of its support life with Microsoft. The official EOL (end of life) date is January 14th, 2020.
What does this really mean for your small healthcare business?
According to Microsoft’s website: “If you continue to use Windows 7 after support has ended, your PC will still work, but it will become more vulnerable to security risks and viruses. Your PC will continue to start and run, but you will no longer receive software updates, including security updates, from Microsoft.” Since HIPAA security rules require updated patches on all systems and security patches will no longer be available from Microsoft after January 14th, the Windows 7 Operating System will no longer be considered HIPAA compliant.
If you’re a healthcare provider or any business that is bound to the HIPAA regulations, and you are still using Windows 7 systems, we recommend that you contact your IT service provider today and make plans to have your systems upgraded or replaced as soon as possible.
While Windows 7 has certainly got the bulk of the attention, there are other Microsoft products reaching EOL (end of life) support this year as well. In fact, on the very same day, January 14th, 2020, Windows Server 2008 R2 (and older) will no longer be supported by Microsoft. Also coming to an end in 2020 is Exchange Server 2010; though it was originally scheduled for the same day as the other systems, Microsoft has pushed its EOL date back to October 13, 2020.
That’s enough about Microsoft. Here are some other applications to know about.
We’ve recently run into a couple of healthcare organizations unknowingly using consumer applications that are not HIPAA compliant.
Your personal Dropbox account is not HIPAA compliant. The popular cloud storage and file sharing service is one that we use, even for our healthcare clients, but you need to know which version you’re using. Typically, any of the “free” versions of cloud storage are not going to be HIPAA compliant. For clients that require file sharing in the cloud, we provide Dropbox for Business, which is HIPAA and HITECH compliant. A signed BAA (Business Associate Agreement) from Dropbox is available through their Admin Console.
Google Cloud Print is another cloud service we’ve run into recently. While it seems the verdict is still out on whether or not it is “reasonable and appropriate” for a healthcare provider to use the service, we tend to err on the side of caution and recommend that it not be used, especially if you’re printing any documents containing PHI (protected health information) or PII (personally identifiable information). This may become a moot point after this year, because Google has stated that the service will no longer be supported after December 31, 2020.
How can a small healthcare business be expected to know all this information?
If you have questions about your HIPAA compliance, particularly as it pertains to your IT systems, please feel free to connect with ToSolution any time. For our clients in the healthcare space, we provide annual HIPAA assessments (including mitigation plans), online training for their employees, and access to a full library of HIPAA policy and procedure templates – all for one Flat Rate!