By Jeffrey Brady
Information Technology Pros in the healthcare industry may
want to get a head start on their spring cleaning. Microsoft extended support
for Windows XP ends on April 8, 2014. After this date, Microsoft will not
release any security patches or updates for Windows XP. This will effectively
make Windows XP non-compliant with HIPAA / HITECH
after Microsoft support ends.
Windows XP was released August 24, 2001 and has been widely
deployed in homes and corporate environments alike. In the Healthcare arena, XP
may be found on workstations used by clinical staff, CT machines, and other
critical medical devices.
Most of these devices are connected to the network to
connect to EHR/EMR systems, so simply disconnecting them is not an option. In
addition, many of these devices are running old and proprietary applications
that may not run on a newer operating system such as Windows 7 or 8.
What can an IT pro do when faced with this dilemma? In an
ideal world your systems would already be off XP or you would be well into a migration
effort. However, some of us have inherited this problem and must find a
solution that not only addresses this problem, but also does so in a cost
effective manner. Ideally, you will even have the opportunity to make technical
improvements in your infrastructure, enhance security and manageability of your
systems, and provide your clinical staff with a more efficient computing
Evaluate your current situation
Getting your vendors involved is very important at this
stage. You will want to find out about how to move to newer versions of their
software which are compatible with Windows 7 or beyond. If you have current
maintenance you may just need to download their newest software and apply your
testing process. If you are not in maintenance, you may face pricey upgrades to
move to their new platform.
Another option may be to run the application on a terminal
server and have your clients access the application via a remote desktop
Lastly you will also want to do an assessment on your
medical devices to see which of these systems may be impacted by the Windows XP
Your next steps are to evaluate your current workstations.
Do they have the resources to run a newer version of Windows? If so you can
exercise your volume licensing upgrade options, or purchase the proper
licensing to upgrade your environment. A more likely scenario would be that you
have old workstations that are overdue for replacement anyway, in which case, upgrading
would not be practical.
You can look at simply replacing your desktops with new
shiny boxes and work on your migration plan for applications and user data.
Another option you may strongly consider is implementing a VDI (virtual desktop
Virtualization has been hugely successful in the server
arena. This technology uses a hypervisor on top of the hardware that allows
multiple copies of an operating system to share the resources of the hardware.
In most applications, there is no penalty for running multiple servers on the
same hardware if your environment is planned correctly.
One can do the same using VDI. You can run fifty maybe even
one hundred desktops on one physical server. These desktops would share the
fast CPU, memory, and storage of the physical server to give the end user a
high performance-computing environment. You can repurpose your existing
desktops to connect to your VDI setup, or you can deploy thin-clients to your
VDI also will provide your staff with centralized management
and control of your desktops. This will help your lean staff manage and
maintain your environment effectively.
Now is the time to take action. Start working on your
strategy for moving your computers and medical devices off Windows XP. Size up
your vendor support for upgrading to a newer OS, get an inventory of your
impacted devices, and evaluate how you will update your endpoints. Moving to a
newer operating system will help you provide a more secure environment in your
facility and ensure compliance with HIPAA / HITECH.
Jeffrey Brady is currently the Director of Information Technology for a
60 bed privately-owned hospital. Previously he was the IT Director for a regional recycling
company. He started his IT career at the help desk level in 1998 and has moved up to working in network operations centers. He has been a Linux and Windows systems
administrator and has done some independent consulting.