Microsoft recently announced that after April 8, 2014, it will not provide more security updates or support technology for Windows XP ?. Microsoft's statement that "companies that are governed by regulatory obligations such as HIPAA may find that they are no longer able to satisfy compliance requirements" sparked a degree of panic among health care providers use Windows XP.
Although Windows XP without updated security updates or "patches" open health care entities to increased vulnerabilities under HIPAA, it is important to understand exactly what the obligations of a covered entity are in the security rule
US department of Health and Human services offers the following question and answer on its website.
East -what the minimum operating system of the mandate security rule requirements for personal computer systems used by a covered entity
answer No, the security rule was written to allow flexibility for covered entities to implement security measures that best fit their organizational needs. The security rule does not specify the minimum requirements for personal computer operating systems, but it specifies the requirements for information systems that contain electronic protected health information (e-PHI). Therefore, as part of the information system, the operating system security features can be used to comply with technical standards and guarantees the implementation of specifications such as audit controls, identification single user, integrity, authentication of the person or entity, or security of transmission. In addition, all known security vulnerabilities of an operating system must be taken into account in the risk analysis of the subject entity (for example, made an operating system include the known vulnerabilities for which a patch security is unavailable, for example because the operating system is no longer supported by the manufacturer).
therefore, as covered entities must meet certain requirements for storing e-PHI, just running Windows XP after April 8, 2014 not in itself HIPAA violation as the entity referred commits a Detailed risk analysis that identifies known vulnerabilities, the potential effects of these vulnerabilities and has a plan to address these issues. To the extent that a covered entity plans to use Windows XP after April 8, 2014, such an analysis should be done quickly.
- Bio
- Recent posts
Paul J. Welk
Paul is president of technology Tucker Arensberg Health law Attorneys / Health information Industry Group and focuses his practice on corporate law and Health care. As such, it represents physiotherapists, doctors, dentists, nonprofit organizations, professional organizations and other entities and commercial companies.
Some of the operations and recent clients, he has worked on include the representation of
- multiple physiotherapy professional associations State on a variety of issues
- private multiple physiotherapy practices with the development and implementation of property succession plans
- a venture capital firm with the dollar acquisition of shares of a target company $ 13 million
- therapy providers multiple physical in successful calls third-party payers
- multiple buyers of real estate assets and associated dental practices
- multiple physical therapy providers regarding the transfer of partial ownership and trading of governance and Documents shareholders
- physiotherapy multiple providers with assets and stock acquisitions and disposals
- a manufacturing company to negotiate a purchase of shareholder disputes and stocks
- a service provider to negotiate a yearly service contract for $ 5 million
- a listed company regarding the merger of two wholly owned subsidiaries
- two listed companies regarding the ongoing review of the distribution contracts, supply and service
- a seller of a skilled nursing and real estate related
- Several regional networks of rehabilitation providers on a variety of issues including training and ongoing operations
- a large physician practice in its sale to a health system
practice Areas: business and corporate law, health law, mergers and acquisitions
articles and presentations: Paul regularly lectures and writes on topics related to business law and health and is the author of foundation of the legal impact, a regular column in the American Physical Therapy Association impact Magazine Private Practice Section
associations and activities. Paul is a member of the Chair of Pennsylvania American physical therapy associations and past physical Committee of the American Association of therapy on risk management and member benefits. He is also member of the Medical Ethics Committee Bloomsburg supply, the School of Physiotherapy Advisory Board Duquesne University, the Pennsylvania Bar Association, and the American Lawyers Health Association. He is an assistant instructor at the School of Physical and a registered physiotherapist in the Commonwealth of Pennsylvania University of St. Francis
Jurisdictions: .. Paul is licensed to practice law in Pennsylvania
Education and background: Paul received his bachelor of science and a Masters in physical therapy with honors from Duquesne University and his law degree with honors from the University of Pittsburgh. He was Associate Editor of the University of Pittsburgh School of Law Journal of Law and Commerce and received the CALI Excellence Award for the future and Esther F. Teplitz Awards for academic achievement in the law program health. Paul graduated from the University of Pittsburgh School of Health Law Certificate Program Law.
Latest posts by Paul J. Welk ( see all)
- Phase 2 current HIPAA Audits - March 25, 2016
- Websites and Americans with Disabilities Act - An often overlooked risk - March 14, 2016
- HHS publishes guidelines on patient access to records under HIPAA - February 2, 2016
- physical supplier, voice and occupational therapy services Agrees to $ 38 million False Claims Act Settlement - November 12, 2014
- A free Ride to PT - What is the risk - October 15, 2014
No comments:
Post a Comment