Skip to content

HIPAA Compliance with Microsoft Windows 10 Enterprise

By Connor Flanagan, Industry Solutions Manager WW Health Industry, Microsoft Corporation and Steven Marco, President and Founder, HIPAA One on December 21, 2017

Filed under Health

Focus on HIPAA Compliance with Microsoft Windows 10

The concept of the “Internet of Things” (IoT) is becoming an increasingly growing topic of conversation as more and more companies are interconnecting everyday objects around us to the Internet, such as: medical devices, appliances, voices and faces, HVAC systems, TVs, vehicles, money and health information.  These devices are now enabled to record and exchange data about individuals’ behavior, habits and personal information through the Cloud. 

Microsoft Windows 10 Enterprise allows PC users to decide for themselves if they want their Personally Identifiable Information shared with the IoT, or not. In the Healthcare and Life Sciences industry where cybersecurity, privacy, and compliance can make or break an organization, Microsoft recognizes the importance of supporting these communities by designing our software and cloud services to be flexible, secure and to meet regulatory compliance mandates.

As a core component to Microsoft’s ecosystem, properly configuring Windows 10 for Enterprise not only assists healthcare entities with HIPAA security and privacy compliance, but also introduces numerous security capabilities to help protect sensitive environments against dynamic and increasingly complex malicious cyberattacks, viruses and malware.  Windows 10 Enterprise is highly-evolved with a built-in, deep-level security architecture balanced with industry-leading compatibility to drive improved user productivity.  Threat, Identity, and Information protection risks are significantly reduced by simply using Windows 10 (you can read about some of Windows 10’s latest enhancements here).

Last year, Microsoft partnered with the HIPAA software market-leader, HIPAA One. Since 2012, HIPAA One has been embraced by over 7,000 healthcare organizations in all 50 states using their NIST-based HIPAA Security and Privacy Risk Analysis Software through a network of EHR software companies and consulting partners to protect their electronic Protected Health Information (ePHI).  “Some of our healthcare IT clients have wondered if an upgrade to Microsoft Windows 10 from Windows 7 will open the door to HIPAA violations,” says Steven Marco, President of HIPAA One. “We took the Windows 10 Enterprise operating system, analyzed it, configured it in a lab repeatedly and measured cloud exhaust until we were assured no ePHI would be released. Since the Fall Creators Update, Microsoft cut their Diagnostics Data at the Basic level in half to ensure ePHI would not be released by Windows 10 when configured properly.”

Microsoft and HIPAA One developed a third-party, detailed recommendation on how to configure Windows 10 in a manner that maintains the security of Protected Health Information (PHI) in accordance to the Health Insurance Portability and Accountability Act (HIPAA).

Moving forward, new capabilities and changes aimed at improving the end-user experience will be pushed to Windows 10 on a regular basis.  As such, we are committed to our relationship with HIPAA One and will continue showcasing enhancements relevant to the IoT, Health and Life Sciences communities and the protection of PHI.

After collaborating with HIPAA One over the past year, we are happy to announce the latest version of the “HIPAA Compliance with Microsoft Windows 10” whitepaper including updates found in the most-recent Fall Creators Update is now available.  Our customers pondering upgrading to Windows 10 will find assurance and value in the recommendations found in this whitepaper, and that the real-world tested configurations will serve as a complement to our security baselines, as well as our customers’ configurations.

Contact Microsoft today to learn more about improving user productivity for our Health and Life Sciences customers while controlling IoT and maintaining regulatory compliance mandates. 

Useful Links

Contact Us