By Art Gross, President and CEO, HIPAA Secure Now!
Read other articles by this author
The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that was enacted in 1996 to protect the privacy and security of individuals’ health information. It established requirements for covered entities, such as healthcare providers, insurance companies, and healthcare clearinghouses, to implement reasonable and appropriate administrative, physical, and technical safeguards to protect electronic protected health information (ePHI).
The Security Rule
One aspect of HIPAA compliance involves using software and technology that meet the standards of the Security Rule. This sets standards for access control, audit controls, integrity controls, and transmission security, among others.
As technology continues to evolve, and versions are retired, this older software may no longer meet the standards set by the Security Rule. Thus, making it necessary for covered entities to upgrade to newer versions or switch to alternative solutions. The end of support for software means that the vendor will no longer provide security updates, bug fixes, or technical support, leaving the software vulnerable to security risks. For example, Microsoft announced its own end-of-support product list, which will likely affect many businesses.
It is essential for covered entities to be aware of this as it pertains to their software and to plan accordingly to ensure ongoing compliance with HIPAA. Upgrading or switching to alternative solutions may require significant time and resources, so it is important to start planning well in advance. Hardware can also be affected by end-of-support notifications. This type of conversion to new equipment would be critical to account for when it comes to a business’s time and budget constraints.
HIPAA compliance is an ongoing process that requires covered entities to stay up-to-date with the latest standards and technologies. The end of support for software with the Security Rule highlights the importance of regularly reviewing and updating systems to ensure the protection of ePHI.
This article was originally published on HIPAA Secure Now! and is republished here with permission.