Microsoft recently announced that support for Windows Server 2003 will end on July 14, 2015. Although this issue causes all businesses to develop a server migration path, it puts an additional strain on healthcare organizations due to medical record retention laws.
Here are five tips for healthcare organizations planning to decommission Windows Server 2003:
- Determine the best operating system solution for your healthcare organization. Although it is possible to continue to use Windows 2003 after support has ended, this strategy introduces numerous risks to your organization. According to Computer Weekly, one of the biggest risks is that Microsoft will not make any security fixes found after support ends. This puts your protected health information (PHI) in jeopardy. Assess your IT workloads to determine whether a cloud, virtualized or physical server is best suited to handle the needs of your healthcare applications.
- Create a migration strategy for the technology. Gather all stakeholders and determine the best process as well as the timeline to ensure that the transition to another server is complete before support To help organizations with the transition, Microsoft is providing resources to help with the transition including an informational on-demand webinar, a planning assistant to help determine the best strategy and a migration datasheet.
- Determine record retention compliance plan for PHI stored on the server. Verify the retention laws in your state and make sure that your server migration strategy is in compliance with your data retention policy. Options for HIPAA-compliant, long-term EMR storage of your patient or employee records might include keeping the legacy system up and running on a new server or extracting the data from the legacy system and then migrating it to a health data archive.
- Calculate the cost and risk of running a legacy system. If you are considering maintaining your legacy system for medical record retention, determine the cost and technical risk associated with this solution. Consider software maintenance fees, IT labor burdens and ongoing user training costs for the life of the retention policy.
- Consider electronic archiving for your health data. Many healthcare organizations will archive patient or employee data electronically in preparation for this summer’s Windows Server 2003 End of Support. The server requirements are far less complex for such a solution, and, archiving allows your organization to be in compliance with both HIPAA laws and medical record retention mandates. Generally, a health data archive delivers a better return on investment than letting a legacy system run due the maintenance fees paid on a legacy system over the life of the medical record retention policy. It also allows easy access to historical records as patient, payer, employer or legal inquiries arrive in the decades ahead.
How is your healthcare organization handling the end of Windows 2003 support?