Small practices must balance meaningful use and IT concerns

In recent months, it seems that health care organizations have had no shortage of concerns regarding business methods. Meaningful use requirements continue to underscore the importance of electronic health record systems in practices large and small. The long-awaited transition to ICD-10 has now been thrown into question with the passage of a bill in the House containing a delay clause.

For executives, the question of where to allocate their companies' resources can be perplexing at the best of times and impossible at the worst. Small practices must increase their vigilance over the number of personnel and workflow they dedicate to meaningful use and data security initiatives, especially as Microsoft prepares to end technical support for Windows XP, one of the most popular operating systems within the health care industry. Not only will organizations need to decide between in-house support or a system-wide upgrade process, but they will also need to balance these efforts with ongoing meaningful use programs.

The end of XP and the start of a new computing age
Windows XP, Microsoft's most popular operating system, made its first appearance on the market in 2001. More than a dozen years later, however, the software will have its cord to Microsoft cut when the technology giant ends formal tech support for the OS.

According to Health IT Security, this seemingly innocuous move around an operating system more than a decade old is expected to have serious ramifications for the health care industry.

Industry experts believe that data security will likely be the hardest sector hit when Windows XP is taken off the tech support shelf. Stephen Person, network and security engineer at North Valley Hospital in Montana, told Health IT Security that the largest concern is that hackers and data thieves may know about a security flaw and are just waiting until there is no longer a team of engineers to fix it.

"The obvious fear is that there's someone out there squatting on a vulnerability that they don't know about yet and as soon as the support life ends, they're going to have this XP zero-day," Person said. "I believe that probably what's happening is everyone is containing their environments as tightly as they can at the network level and at the access control level."

Person believed that every health care organization should either already have or be creating a plan to upgrade its systems from Windows XP to a different operating system that continues to receive updates from its manufacturer. Some practices may have begun their own tech support from stop-gap perspective to deal with flaws as they arise, but this may not prove ideal as thieves and hackers target the non-supported OS.

Jeffrey Brown, chief information officer of Lawrence General Hospital in Massachusetts, emphasized the need for a comprehensive transition plan, especially for smaller practices. 

"In isolation, the transition from Windows XP might not seem like a big leap," Brown told Health IT Security. "But for resource- and financially constrained organizations that are dealing with a multitude of these other complex problems, it's a small thorn in their side that could ultimately end up being a bigger deal than most people anticipate."

OS upgrades and meaningful use
Brown's advice will likely prove useful to small practices that do not have the resources to dedicate to a system-wide technological update program. While extremely demanding, meaningful use requirements and the Centers for Medicare and Medicaid Services are not likely to offer increased flexibility for hardships that fall outside of the program.

To balance these two initiatives that promise to be of critical importance, PC Pro emphasized the need for automated upgrade systems. With specialized software, data migration specialist 1E was able to upgrade 30,000 computers to Windows 7 in the space of a month – just the speed that health care organizations may need to work at considering other initiatives.