How to make Windows 10 HIPAA compliant?

heatlesssun

Extremely [H]
Joined
Nov 5, 2005
Messages
44,154
Bad thing is, most agents have ZERO clue about HIPAA, are not warned about it, and probably break the law on a daily basis, particularly when they just go buy a Win 10 pc... (the fun of being a 1099 "employee" - the corporation has little to no liability for your actions.)

If one isn't aware of HIPPA then buying a Windows 10 PC wouldn't even be the start of issues. In reading the guidelines, which cover phones, there's just nothing in the guidelines about vendor telemetry. It's all about, is the device secured with passwords, disaster recovery, device loss, updates. I actually sent an email to ONC.Request@hhs.gov asking specially about Windows 10 last Thursday. No response thus far.
 

madcap magician

Limp Gawd
Joined
Mar 12, 2003
Messages
328
I deal with this myself. I researched and discovered the federal gov is good at telling you what to do but they suck at telling you how to do it. It's also based on your ability (fiscal) to get the best HIPAA compliance you can with the many factors that apply to you our your business. What I do is install windows 10 pro and enable boot up password (sorry cant remember the exact terminology). I then require the drive to be encrypted(i use bitlocker). I then require our employees to use a strong password and the computer locks in 1 minute of no use. It's annoying for the user but will save in fines.

Also if you have you laptop dual pw enabled and encrypted there is no reporting requirement if it's losts. That is based on my research reading white papers and vague AHCA policies/laws/rules/etc
 

SineDave

Limp Gawd
Joined
Jun 9, 2004
Messages
412

Hagrid

[H]F Junkie
Joined
Nov 23, 2006
Messages
9,140
So basically MS needs to either have Win 10 approved or make an approved version.
 

BulletDust

Supreme [H]ardness
Joined
Feb 17, 2016
Messages
6,057
So basically MS needs to either have Win 10 approved or make an approved version.

From what I'm reading no OS is HIPAA approved, there are simply HIPAA guidelines to follow and configuring Windows 10 to conform to the guidelines is far more difficult than it needs to be and there's no guarantee that an update won't reverse all the work you've done. MS don't care as they hide behind the BAA.
 
Top