Win XP to Win 7

As of April 8, 2014, support and updates for Windows XP are no longer available.
Don't let your PC go unprotected.

What is Windows XP end of support?

Microsoft provided support for Windows XP for the past 12 years. But the time came for Windows, along with Microsoft hardware and software partners, to invest Microsoft resources toward supporting more recent technologies so that they can continue to deliver great new experiences.

As a result, technical assistance for Windows XP is no longer available, including automatic updates that help protect your PC. Microsoft has also stopped providing Microsoft Security Essentials for download on Windows XP. (If you already have Microsoft Security Essentials installed, you will continue to receive antimalware signature updates for a limited time, but this does not mean that your PC is secure because Microsoft is no longer providing security updates to help protect your PC.)

If you continue to use Windows XP now that support has ended, your computer will still work but it might become more vulnerable to security risks and viruses. Internet Explorer 8 is also no longer supported, so if your Windows XP PC is connected to the Internet and you use Internet Explorer 8 to surf the web, you might be exposing your PC to additional threats. Also, as more software and hardware manufacturers continue to optimize for more recent versions of Windows, you can expect to encounter more apps and devices that do not work with Windows XP.

Why is this important for a Dental Practice?

Microsoft to discontinue support for Windows XP
Could expose some dentists to security risks and lead to HIPAA violations

By Kelly Soderlund, ADA News staff

Dr. Licking
Microsoft will discontinue its technical support for Windows XP as of April 8, which could put dental practices that still use the operating system at increased risk of serious security problems.

For dental practices that use Windows XP and that are covered under the Health Insurance Portability and Accountability Act, it may be prudent to review and, if appropriate, revise their HIPAA Security risk assessment and security measures.

Security updates that help protect PCs against newly discovered vulnerabilities will no longer be provided for Windows XP as of that date. The operating system will still work after April 8 but computers may become more vulnerable to security risks, according to Microsoft.

The antivirus software for Windows XP called Microsoft Security Essentials will continue to receive regular updates until July 14, 2015.

Other antivirus vendors are also expected to continue to provide updates.

These security risks could lead to data breaches that would require dental practices to notify their patients and government officials, and could expose them to liability for violating state data security laws. They could also be at risk of violating the Payment Card Industry Data Security Standards, a set of standards developed by the payment card industry to protect credit and debit card data.

But it may be an oversimplification to state that any covered health care provider using an XP work station or server after April 8 is automatically violating the HIPAA Security Rule, according to Dr. Mary A. Licking, chair of a working group of the Standards Committee on Dental Informatics.

The HIPAA Security Rule includes two standards that should prompt covered dental practices that are currently using Windows XP to develop a transition plan to Windows 7 or 8, Dr. Licking said. The "Risk Analysis" standard requires a covered dental practice to conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity and availability of electronic protected health information held by the covered practice. The "Security Management Process" standard requires covered practices to implement security measures sufficient to reduce risks and vulnerabilities to a reasonable and appropriate level to comply with general requirements of the Security Rule.

"These requirements basically mean that covered entities must be aware of privacy threats and adjust their policies, procedures, and, sometimes, their office computer networks to respond to changes in their threat environments in an appropriate manner," Dr. Licking said.

Older computer operating systems, like Windows XP, may be more vulnerable to hacking attacks over open networks and to computer viruses, Dr. Licking said. They can also crash without warning, exposing data to possible loss, she said. Once a developer like Microsoft stops offering support for an operating system, no more security patches or bug fixes will be available.

"Vendors of products that run on the old operating system, like dental practice management software, may cease support for those products as well, exposing the client to the risks posed by bugs, crashes, data loss and other security problems," Dr. Licking said. "It's more prudent to use a reasonably current operating system that's supported so that the organization can continue to receive security patches, software updates and technical support necessary for meeting the HIPAA Security Rule's technical requirements."

Microsoft encourages its customers to upgrade their operating system to Windows 8.1, if their PC can handle it. Windows 7 is also an option. Dental practices that are planning to transition away from Windows XP should consult with their technology vendors to devise a prudent and appropriate migration path.

For more information on HIPAA requirements, visit The Office for Civil Rights also has information on the law at To learn more about the Payment Card Industry Security Standards Council, visit

The ADA Complete HIPAA Compliance Kit (J598) is available from the ADA Catalog,, and includes a manual, the training CD-ROM and a three-year update service. The kit is $300 for members and $450 for nonmembers.