Windows XP Is No Longer HIPAA Compliant

On April 8, 2014, Microsoft ended security updates and patches for Windows XP. Just having a Windows XP computer on your network will be an automatic HIPAA violation, which makes you non-compliant with Meaningful Use, and will be a time bomb that could easily cause a reportable and expensive breach of protected patient information. HIPAA fines and loss of Meaningful Use money can far outweigh the expense of replacing your old computers.

According to HIPAA Security Rule section 164.308(a)(5)(ii)(B), organizations with sensitive personal health information must ensure: "(B) Protection from malicious software (Addressable). Procedures for guarding against, detecting, and reporting malicious software." —HIPAA

Take some advice from Jay Paulus, Microsoft’s director of Windows Product Marketing: “Staying with Windows XP is like driving a car that you can’t buy parts for anymore. The car won’t stop running immediately, but if you have a problem, you won’t get the help you need.”
