Ask the Expert

HIPAA implications for organizations running Microsoft

What are the HIPAA issues with Microsoft given that their OS license legally allows them access to the machines running them?


Isn't this an interesting Catch-22!? The issue here, for those of you who aren't familiar with it, is that by agreeing to the license terms and applying Windows 2000 service pack three, you essentially give Microsoft the ability to "silently" update the operating system. This leads to the obvious issue of not only letting an unauthorized third party make random software configuration changes (not good per HIPAA), but also giving this third party potential access to protected health information (PHI) -- again, a HIPAA no-no. The HIPAA Privacy Rule and the proposed HIPAA Security Rule mandate "reasonable" efforts to keep PHI confidential. I'm no lawyer, but I'm guessing this depends on how you -- and more importantly -- the courts define reasonable. Perhaps the fact that you cannot keep your security holes plugged if you don't install service pack three (and beyond) will take precedence over the slight chance that Microsoft could have unauthorized access to PHI or the fact that Microsoft is making configuration changes to your computer systems at will.

I'm not sure that there is a good solution. Maybe the final Security Rule will address this type of issue and all will be well in the eyes of the Department of Health and Human Services. Perhaps the courts will see this Microsoft mandate as being reasonable. If neither of these proves to be the case in the future, you may want to consider operating system alternatives for computer systems that store PHI or perform critical services. Only time will tell.




This was first published in November 2002
