End of Support for Windows 7 and 8

Microsoft has announced its timetable regarding the end of support for Windows 7 and Windows 8.  These dates may seem distant, but you will want to begin planning now, so that you can complete a transition prior to the end of support.

Transition planning is important, because after support ends, security updates are no longer provided.  Without security updates, your computer/network will be vulnerable to external hacking attempts and potential malware intrusion.  Under HIPAA’s Security Rule, you are required to take measures that reduce such risks, including updating software with security patches, and ending use of software that is no longer being supported by the manufacturer.

Microsoft continues to offer security updates for Windows through what it terms the “Extended Support” time frame.

  • For Windows 7, Service Pack 1, extended support will end on January 14, 2020.
  • For Windows 8 (current latest version 8.1), extended support will end on January 10, 2023.

You should work with your IT department/vendor to plan upgrades to operating systems/software as appropriate prior to the end of extended support dates. Due to limitations of hardware, this may sometimes require the purchase of new equipment that is capable of running the new operating system or software. For this reason, budgeting concerns also play a key role.

Refer to the March 2016 issue of the Advisor for additional information on this topic.

Acceptable/Responsible Use

Once a workforce member is granted access to a practice’s information systems (including computer hardware, software, email, voice mail, internet, telephone, cell phone, laptops, or other electronic equipment or service made available to employees or paid for by the practice), it is everyone’s responsibility to ensure that the systems are utilized in an acceptable manner following basic rules of conduct.

Acceptable Use applies to the use and disclosure of proprietary and patient information, computer or other devices (includes mobile and other computing or storage devices), and network resources. Some basic responsibilities include:

  • Protecting proprietary information, such as business practices, financial information and intellectual property of the practice.
  • Using or disclosing business and patient information only as necessary to perform assigned duties.
  • Promptly reporting any theft, loss or unauthorized disclosure of proprietary or patient information.
  • Exercising good judgment in the use of the information system (this includes internet access and the sites visited).
  • Ensuring that local, state, federal, or international law is not violated while utilizing the practice’s information system.

It is helpful if acceptable or responsible use expectations are outlined in an employee handbook, or otherwise clearly communicated to workforce members.  Some organizations may also require users to sign an acknowledgement (often called an “acceptable use policy”) to ensure understanding of the policies.

Sanctions or penalties must be uniformly imposed if anyone should cause harm to the information system, use or disclose information in an unauthorized manner, or violate regulatory requirements. Sanctions may include disciplinary actions up to and including termination of employment. Workforce members should also be warned that certain actions that violate privacy requirements might subject them to prosecution and/or monetary penalties by regulatory agencies, such as the Office for Civil Rights.

Communicating compliance responsibilities to workforce members, and informing them of sanctions that will be imposed for failure to meet them, helps ensure the security of your practice’s information system.