tmccormi wrote on Wednesday, June 17, 2015:
Just a little reminder to get your OS updated … I recommend Linux (of course) …
–Tony
rpiovanetti wrote on Thursday, July 02, 2015:
I’m sorry to disagree with the statement that if “Windows Server 2003 is EOL, it is thus NOT HIPAA Compliant”. Windows, and for that matter ANY PRODUCT, CANNOT be HIPAA compliant since Windows, EHRs or any technology is not a “Covered Entity” NOR a “Business Associate”. The ONLY people or entities that can be HIPAA-Compliant are Covered Entities (i.e. Covered Providers, Payers and Clearinghouses) and Business Associates BECAUSE HIPAA expressly states that the only entities that can be HIPAA-Compatible are the aforementioned. It is up to a covered entity or business associate to make the necessary adjustments to remain HIPAA-compliant, no matter what technology, versions, etc. they use. Heck, you can be 200% HIPAA-compliant if you still use Windows 95 and have your operations set up in a way that allows you to “Comply with HIPAA Rules”; hence even with Windows 95 you CAN be HIPAA-Compliant.
I’d like to ask one thing: do you own stock from Microsoft? Only a vendor can take advantage of health professionals’ ignorance to force them to change to a “new” product and benefit from all the renewed licensing fees that that kind of process entails. Sorry if I sound too harsh, BUT I CAN’T tolerate statements that are against the HIPAA rules and regulatory intent. Heck, I’ve heard hundreds of IT vendors professing that in order to be HIPAA compliant you have to adopt an encrypted messaging system such as those that are being provided by McAfee and the like; which is TOTALLY FALSE. If you know what to put in an email, even if you use gmail.com, outlook.com or other free email services, you can be HIPAA-Compliant.
So, the fact that Windows Server 2003 is EOF DOES NOT make you non-compliant. I’ll prove it. Do you have to upgrade ALL your Windows XP workstations to Windows 7 or 8 to be HIPAA compliant…? The TRUE ANSWER is “NO”; it depends on where these computers are located, who uses them, antivirus, firewalls, none of which has anything to do with XP.
Got it…?
rpiovanetti wrote on Thursday, July 02, 2015:
I too agree that I’d rather go Linux (for security, resource requirements, reduced costs, better performance in lesser hardware, built-in virtualization with KVM [the #1 virtualization technology / hypervisor in the world - ages ahead of VMware and MS], etc.).
And to join the two replies, UBUNTU version 10.04 can still make you HIPAA-compliant despite the fact that it is EOL as well. Heck, even Fedora 5 will allow you to be compliant.
fsgl wrote on Thursday, July 02, 2015:
Along that line, one can use Windows 1.0.
Physicians don’t have the time/energy/training to fill the deficiency/vulnerability gaps.
We have bigger fishes to fry & this open source Project is a boon.
Tony would be retired now on his little private island, had he purchased a bunch of Microsoft stock at the first IPO.
tmccormi wrote on Friday, July 03, 2015:
I did not make the statement, the CMS did. And if they audit you, you will fail and be fined.
As a socially conscious Open Source geek, I would rather live under a bridge than have invested in Microsoft.
tmccormi wrote on Friday, July 03, 2015:
PS, here is a quote from the ADA that both supports what you say AND recommends the update for the very reasons FSGL states … (yes, I know it’s dental, but the same is true for medical, of course…)
fsgl wrote on Friday, July 03, 2015:
Question is whether the missus & kids would agree to camping out at the bridge.
michaelke wrote on Wednesday, July 08, 2015:
“This is especially true if the dental practice has no documented risk analysis, insufficient security management processes, plans to migrate to a supported operating system or is unable to demonstrate the steps that were taken to mitigate risks associated with this operating system sunset.” <-- This is the key message from that statement. Everyone needs to be conducting the risk analysis and systems evaluations to ensure that they do have a system in place to avoid possible HIPAA security breaches. The Windows Server 2003 concern is fairly minor in the scheme of things.
tmccormi wrote on Wednesday, July 08, 2015:
agreed.