Windows 7 Support Ends in January
Microsoft has announced that support for Windows 7 will be discontinued after January 14, 2020. If you continue to use Windows 7 after that date, Microsoft warns that your Windows 7 based systems will become vulnerable to security risks. Covered Entities and Business Associates tasked with complying with HIPAA, need to replace or upgrade all Windows 7 installations prior to that end of service date.
The recommendation from Microsoft is to upgrade those systems to Windows 10. Resources and advice from Microsoft can be found online by visiting their announcement that Support for Windows 7 is ending page. If your organization or business has not yet established a migration plan designed to phase out Windows 7 machines, now is the time to inventory those legacy devices and schedule them for upgrade or replacement before year end.
Windows 7 and HIPAA Risk Assessment
Windows 7 and HIPAA will no longer be compatible. This end of support announcement is also an opportunity to perform an annual HIPAA risk assessment. A formal risk assessment should be performed each year and failure to routinely conduct risk assessments is a HIPAA violation which will expose Covered Entities and Business Associates to civil penalties. In fact, just such a violation was, in part, the basis of the largest HIPAA civil penalty to date. Our suggestion is to view end-of-support events as opportunities to enhance your organization’s overall compliance and security profile.
While not a complete risk assessment, you can establish a general sense of your organization’s relative compliance by using our Free HIPAA Risk Assessment Tool that will provide you with a report and recommendations.
Compliant Legal Solutions, LLC, provides tools that help you establish initial baseline compliance and automate much of the work needed to maintain compliance on an ongoing basis. Our compliance suite includes comprehensive risk assessment tools that will automatically generate both a gap analysis report and a corrective action plan. Once you complete the free assessment, we would also welcome an opportunity to discuss your compliance needs and to show you how your organization can establish systems to protect itself from civil penalties even in the event of a data breach.