Donald Trump's personal physician, Harold Bornstein, MD, attracted notice this past week for his letter touting the candidate's "astonishingly excellent" physical condition and claiming Trump would be "the healthiest individual ever elected to the presidency."
He's also gained attention for the fact that his computer apparently still runs the 15-year-old operating system Windows XP – which hasn't been supported by Microsoft since the spring of 2014.
Tech site Gizmodo was the first to notice that, in a post this past Friday: "Trump's Weirdo Doctor Uses Windows XP, Which Could Be a Violation of HIPAA."
But upon closer inspection, it's worth noting that running Windows XP does not, by itself, equate to a HIPAA violation. The security rule doesn't mandate minimum operating system requirements for covered entities. It does, however, set requirements for information systems that contain electronic protected health information.
"The security capabilities of the operating system may be used to comply with technical safeguards standards and implementation specifications such as audit controls, unique user identification, integrity, person or entity authentication, or transmission security," according to the U.S. Department of Health and Human Services.
HHS added that healthcare organizations must consider any known vulnerabilities – notably whether patches are available for security threats and whether the manufacturer still supports the OS – in their risk analysis.
Microsoft stopped providing support, including security updates, for XP more than two years ago.
"PCs running Windows XP after April 8, 2014, should not be considered to be protected, and it is important that you migrate to a current supported operating system," the company implored users back then.
As Microsoft was ending support for XP in 2014, in fact, Sergio Galindo of computer security firm GFI Software was working with clients to prepare for the end of XP.
"For those healthcare providers that fall under HIPAA, having a Windows XP machine as part of your business practice may put your compliance at risk," he told Healthcare IT News at the time.
Computers running the outdated OS still work, of course, "but with greater and greater risk," said Galindo. "It is highly likely that an unprotected system will be impacted by a virus, worm or malware."
Twitter: @MikeMiliardHITN
Email the writer: mike.miliard@himssmedia.com