- Barti’s new AI integration brings AOA clinical guidelines into the exam room
- What every young optometrist should know about malpractice insurance
- You’ve been breached—now what?
- 3 risks of relying solely on third-party IT services for protection against cybercrime
- Anatomy of a breach
- AOA Center for Independent Practice expands to serve the next generation
- What is cyber crime?
- 5 types of cybercrime practice owners can’t afford to ignore
- In-office Membership Plans 101: How Forward-thinking Practice Owners are Implementing Membership Plans to Increase Patient Loyalty
- Thinking about switching EHRs?
- 5 key features a long-term disability policy should include
- What is cyber liability insurance and why do optometric practices need it?
- 3 ways to honor staff for Paraoptometric Appreciation Month
- New data source and other changes to CMS’ proposed 2026 Physician Fee Schedule
- AOAExcel® shines the light on top talent
- AOA Innovation Hub premieres at Optometry’s Meeting®
- Medicare Advantage Risk Adjustment audits are overwhelming optometry practices
- This members-only benefit offers something for everyone
- Take a strategic approach to Medicare Advantage records requests
- How to launch a successful career in optometry
- A voice for independent doctors
- Are you prepared?
- How to fill your staffing needs
- The latest on AI and optometry
- More courses, more uses, more impact: Why more AOA member doctors, staff are turning to AOA EyeLearn
- Master paraoptometric certification exam prep with AOA’s study resources
- 5 things every office needs to practice full-scope optometry
- Why thriving practices are prioritizing retirement plans
- What happened to the FTC’s noncompete ban?
- Keeping your practice (and finances) safe
- Is your exam chair ADA compliant?
- 2.9% Medicare cut, broadly panned, looms over 2025 as advocates press Congress
- How to navigate political conversations in your practice
- Making the grade
- Does your malpractice insurance provider measure up?
- The power of delegation
- New technologies shaping optometry’s future
- How AOAExcel makes your life easier
- Next-gen optometry’s focus on independent practice
- Inferiority complexity?
- Is your staff connected? How peer connections benefit practices
- Protecting patient privacy when a clinical observer visits
- Does your practice do in-house billing? Here’s something to know
- Where to start? The tools and resources to leave a positive impact on your patients and community
- AOA boosts support for optometrists rocked by Change Healthcare cyberattack
- Be aware of new classification of employee vs. independent contractor from labor department
- Why optometrists love the AOA Business Card
- Paraoptometric Month
- Patient intake coding for medical diagnoses
- Set your practice up for success
- New federal Corporate Transparency Act
- How to compete with online sellers
- CMS finalizes 2024 physician fee schedule: AOA’s 8 takeaways for optometry
- How do you measure success in your practice?
- 4 tips to elevate the profession and educate the public
- Now we’re talking: Communicating with the public
- Level up your optometric surgical team: AOA launches surgical assistant coursework
- 4 essential personal financial tools for optometrists
- Coding for orthoptic training
- New remote testing option for paraoptometric certification saves time, distance
- Testing 1, 2, 3 … paraoptometric exam handbook, resources for certification testing
- 6 things every hiring practice owner should include in a career center listing
- AOA, leading schools organize to safeguard and expand optometry’s independence
- Co-managed care rife with success stories for patients, doctors
- 3 ways to grow careers and practices at Optometry’s Meeting® 2023
- Why disability insurance is crucial
- Now we’re talking: Interprofessional communication
- Build your practice and protect the planet
- You’ve been served—now what? Where ethical intersects legal
- DEA’s new opioid training mandate: What you need to know
- How to handle bad reviews and ratings
- How the updated position statement can help guide telemedicine in optometry
- 3 questions to ask your malpractice insurance agent
- Optometry’s ‘medical’ eye care opportunity a boon for patients, coordinated care
- AOA Antitrust Compliance Policy
- How the AOA Business Card can benefit your practice
- Combatting inflation
- How to earn an MBA while practicing
- AOA’s new Center for Independent Practice to amplify members-only resources for practice success
- Window Tinting
- The most important thing to know about retirement savings planning
- bolster your cybersecurity
- Identity Theft
- How the HIPAA Privacy Rule applies in a public health emergency
- Partners in care
- 4 tips for handling payer clawbacks: What the experts say
- When patients defect: A case study in emotional intelligence
- A career choice
- Be proactive: Identifying improper sales programs, financial incentives
- Scope of practice and malpractice insurance
- website ADA compliance
- Which retirement plan is right for you
- AOA practice success initiative can help with payer issues
- The most important questions to ask about disability insurance
- audio-only telehealth
- A case study in professionalism
- How to eliminate bias in the exam
- Keeping the practice’s mental health top of mind
- Managing expectations Telemedicines next step
- Optometrys Meeting Surgical Saturday
- 5 ways AOA membership can bring your practice success
- 6 ways to make a job posting pop
- The impact of paraoptometric certification
- AOA EyeLearn revamp improves accessibility of CE resource
- Good faith estimate requirement takes effect
- Optimize your student loan repayment strategy
- How to speak the universal language of care
- How to Obtain Hospital Privileges
- 4 common misconceptions about life insurance
- The privileges of providing care
- How team learning improves doctor-staff coordination
- Pandemic savings strategies
- doctor-patient-communication
- AOA 2021 Virtual Learning Livecast opens for registration
- Virtual interview tips for employers and applicants
- Paraoptometric Exam Materials & Certification
- Keeping the medicine in telemedicine
- Know your options
- Business transition tips for buying or selling
- The wrong patient communication plan could be costly
- New must have resource by AOA for MIPS providers
- AOA faults Ophthalmology journal MIPS study
- Doctors find lessons and success in applying for lifeline PPP loans
- AOA MORE takes yearlong pause
- New rules ahead for patient access to electronic health records
- 7 things to know to protect your future
- PPP Loan Tax Implications
- AOA offers CE-eligible webinar-paraoptometric certification
- 8 lessons the COVID-19 pandemic has taught us
- talking politics keep peace in the practice
- Selling your practice to a private equity firm
- paraoptometric certification
- Life Insurance Awareness Month
- Members support AOA during COVID-19
- VLL courses debut on AOA professional development hub
- Why back to school eye exams are crucial this year
- Protection check-in
- AOA 2020 Virtual Learning Livecast a success
- How to turn your patients into brand ambassadors
- Paraoptometrics have key role in scope expansion
- Communication key unlocking patients virus fear
- lessons from phase one reopening practices
- Report quality measures and MIPS data
- AOA offers guidance for post-COVID-19 reactivation
- How to reduce your carbon footprint
- federal loans ease pain of COVID-19 pandemic
- life insurance questions answered
- ethically providing telehealth services in your practice
- AOA surveys can benefit optometry
- Healthcare cybersecurity
- Doctor google web health-related inquiries can cloud care
- AOAExcel GPO Contact Lenses optical products
- How to get the most out of your AOA member benefits
- How AOA MORE can help you
- Co management 4 steps to success
- What doctors need to know about retirement savings
- Crafting a clickable job posting
- health information cyber attack
- Overtime pay labor law
- Service animals vs emotional support animals in the practice
- InfantSEE tips for children eye exams
- Medicare Beneficiary Identifiers and doctors of optometry
- Physician burnout EHR
- Flushing Hazardous Waste EPA
- Ethically incorporating telehealth-telemedicine services into your practice
- Transition Right
- Frequently asked questions about liability insurance
- How good doctors compete with bad companies
- National Life Insurance Day
- Team effort
- National Retirement Week
- How to become a bilingual practice
- Be a social whiz
- How to balance work and home life
- Physician burnout improving, still high comparatively
- What do patients think about the Open Payments program
- Paraoptometric certification can boost a career
- Doctor of optometry diabetes crusade
- How AOA membership helps protect your practice and the profession
- How to optimize diabetic care
- How to improve patient care and practice economics
- Pediatric Exams Kids Fears
- How to retire with confidence
- CMS ONC send message on faxs demise doctors put them on hold
- Data breaches cost insurers big but providers more frequently
- How to start a sports-vision practice
- 4 practice tips when disaster strikes
- Bad hires happen
- AOA MORE reports first patient data_helps MIPS providers attest
- Keeping up with Doctor Jones
- STEM academia no different Women face harassment
- The dos and donts of customer service
- Medicare repeals payment cap for therapy services
- Earned interest
- Optometrys bread and butter
- Disability Insurance
- Sustainable solutions-Focusing on a green future
- Ethics Disabilities
- Flu Epidemic
- CMS-Texting PHI among health care providers OK with caveats
- TaxTips
- AOA tools you need to succeed
- Keeping peace in the practice during the holidays
- Handle with care How to dismiss a patient
- Cybersecurity Awareness Month
- Dont let your nest egg lay an egg
- How to add a subspecialty to your practice
- Disaster Lessons
- 4 things to consider before volunteering
- Go green and save green
- server and protect
- AOA encourages members to protect themselves against cyberattacks
- Credit breach continues grip on doctors
- AOA cautions against email phishing scams
- AOA to CMS Significant changes needed to MIPS proposed structure
- Caution email phishing scam
- EBO Guidelines in Practice
- Aging Eyes
- Sunshine Act-Industry Reports
- the-best-defense-against-office-harassment
- Review practice policies on harassment
- Cybersecurity and Cyber Monday
- Medicare Part D drug costs
- tips to get more pediatric patients through your door
- 9 business solutions for doctors
- Tools of engagement enrolling staff as AOA associate members
- retinol ruses and root veggies-fantastic tale of carrots
- Practice changes can increase office efficiency
- On Employee Appreciation Day show your staff you care
- Data breach implications for tax season
- How to make the most of the media megaphone
- 6 types of photos to share on social media
- Holiday how to gifts goals and goodwill
- Credit freeze hinders PQRS feedback
- Considerations for a comanaged care strategy
- Whats your plan 4 tips for emergencies
- AOA US Postal Service raise awareness on eye health
- 3 solutions for noshow patients
- MACRA final rule offers flexibility
- In case of emergency
- 3 actions to help staff grow
- AOA tool helps solve social networking dilemmas
- AOA asks NBEO for assurances on data
- How to prevent theft
- How to fund a retirement program for your practice
- Not meeting attesting to MU Hardship exceptions available
- Malpractice insurance Ensure coverage even after retirement
- Does the white clinical coat matter to patients
- HIPAA Then and now
- Doctors of optometry can play a role in erasing health disparities
- Credit breach continues grip on doctors, students
- AOA member feedback impacts Medicare valuations for services
- How a strong doctor office manager relationship can grow your practice
- Share questions and comments in Ethics Forum
- Think About Your Eyes campaign continues to raise public awareness
- Be prepared for more patients requesting to access their health records
- Medicare Supplier Program Requires Fingerprint based Background Checks
- 4 ways to protect your patients and practice from cyberattacks
- When doctors become patients
- The benefits of a bilingual practice
- Harmed by contact lenses Report now
- Medicare Part D prescribing data offers insight
- AOA nets 2016 Medicare fee schedule wins
- 9 member benefits through AOAExcel
- Health centers to expand services with 500 million grants
- Doctors Are you covered
- Tax law change could impact doctors
- Why doctors of optometry should seek hospital privileges
- CMS issues EHR Incentive Programs final rule
- Cybersecurity Is your patient information practice protected
- Create a space for kids in your office
- Prepare for a shift in credit card fraud liability
- Significant policy change in post-op co-management
- How to go the distance
- Accommodate aging eyes in your practice
- CMS tests Medicare Advantage plan benefit designs
- Get your practice noticed online
- Protect your practice from copyright infringement
- New reports AOA members tally higher incomes
- Position your practice for aging eyes
- Survey Vision insurance sales increase
- 4 paths to practice protection
- Improving patient care with certified paraoptometric staff members
- How to successfully navigate Medicare Advantage plans
- AOA releases directory of accountable care organizations
Is your Windows OS on life support?
September 20, 2017
Windows products that exceed their lifecycle may expose doctors to security risks.
Excerpted from page 48 of the September 2017 edition of AOA Focus.
End of Support isn't exactly a death knell when it comes to Windows operating systems (OS), but it does represent a security vulnerability that optometric practices should consider addressing sooner rather than later.
In simplest terms, End of Support represents a fixed date when Microsoft no longer provides automatic software updates or technical assistance to a Windows product or OS. That OS life cycle typically lasts 10 years, over the course of which Microsoft automatically pushes updates that help protect your computer from cyberthreats.
Therefore, practices that access Protected Health Information (PHI) on computers running a Windows OS that exceeds its support life cycle may be putting such information at risk of being compromised.
Newer OS, better security
Earlier this year, a worldwide outbreak of the "WannaCry" ransomware demonstrated the importance of supported service. Affected users were either believed to have skipped an automatic security patch issued from Microsoft that could have stemmed the attack, or were operating an unsupported OS. With nearly 300,000 computers affected globally, Microsoft took the unprecedented step and issued patches to the unsupported services, Windows XP and Windows Server 2003, after the fact, but told consumers not to get used to it.
"Our decision today to release these security updates for platforms not in extended support should not be viewed as a departure from our standard servicing policies," wrote Eric Doerr, Microsoft Security Response Center general manager, in a statement.
"The best protection is to be on a modern, up-to-date system that incorporates the latest defense-in-depth innovations. Older systems, even if fully up-to-date, lack the latest security features and advancements."
Still, a 2017 industry survey found some 52% of businesses continue to run some instance of Windows XP and 9% run at least one instance of Windows Vista—both lost support in 2014 and 2017, respectively.
Compliancy: It's your responsibility
So, what does this mean for doctors of optometry? Although there is no requirement that a particular OS must be HIPAA compliant, it is the responsibility of the covered entity to ensure all office processes are compliant.
The U.S. Department of Health and Human Services (HHS) notes the HIPAA Security Rule does not specify minimum OS requirements; however, it's the responsibility of the covered entity to implement PHI safeguards. That has put Microsoft's newest OS, Windows 10, under the HIPAA spotlight, because of the way it collects data.
A 2016 white paper issued by AOAExcel® endorsed business partner Compliancy Group notes that while Microsoft has stressed the HIPAA compliancy of its Office 365 and willingly signs Business Associate Agreements with SharePoint Online cloud-storage users, Microsoft had been mum on Windows 10. This OS automatically shares data with Microsoft to customize and streamline navigation, making it more user-friendly, but a potential problem for PHI. That said, Windows 10 is still the most up-to-date Windows OS available, which means better security from malware incidents.
Therefore, the Compliancy Group white paper states: "Windows 10 users need to weigh these risks to security against the measures being taken within their own organization to guard the privacy of PHI.
"Hopefully, further guidance and new service packs from Microsoft will lend some further clarity on the issue. Until that time, users should continue to heavily vet their technology infrastructure to ensure that the PHI they come into contact with stays protected and secure."
Fast-forward one year later, and Microsoft did release a service pack in the form of the Windows 10 Creators Update in April 2017 that allows organizations to better protect their data. However, despite the update, the onus of safeguarding PHI rests on the provider alone.
Windows lifecycle reference
Below are the next three Windows OS to be removed from support. Although there are minor differences between the two support phases, both provide free security updates; however, at the conclusion of Extended Support, Microsoft ceases security updates.
Windows Vista
- End of Mainstream Support: April 10, 2012.
- End of Extended Support: April 11, 2017.
Windows 7
- End of Mainstream Support: Jan. 13, 2015.
- End of Extended Support: Jan. 14, 2020.
Windows 8
- End of Mainstream Support: Jan. 9, 2018.
- End of Extended Support: Jan. 20, 2023.