How to make Windows 10 HIPAA compliant?

[heatlesssun]

Bad thing is, most agents have ZERO clue about HIPAA, are not warned about it, and probably break the law on a daily basis, particularly when they just go buy a Win 10 pc... (the fun of being a 1099 "employee" - the corporation has little to no liability for your actions.)

If one isn't aware of HIPPA then buying a Windows 10 PC wouldn't even be the start of issues. In reading the guidelines, which cover phones, there's just nothing in the guidelines about vendor telemetry. It's all about, is the device secured with passwords, disaster recovery, device loss, updates. I actually sent an email to [email protected] asking specially about Windows 10 last Thursday. No response thus far.

 

[madcap magician]

I deal with this myself. I researched and discovered the federal gov is good at telling you what to do but they suck at telling you how to do it. It's also based on your ability (fiscal) to get the best HIPAA compliance you can with the many factors that apply to you our your business. What I do is install windows 10 pro and enable boot up password (sorry cant remember the exact terminology). I then require the drive to be encrypted(i use bitlocker). I then require our employees to use a strong password and the computer locks in 1 minute of no use. It's annoying for the user but will save in fines.

Also if you have you laptop dual pw enabled and encrypted there is no reporting requirement if it's losts. That is based on my research reading white papers and vague AHCA policies/laws/rules/etc

 

[SineDave]

I'm not saying it's stricly "HIPAA compliant" but if an individual agent follows guides like this to the best of their ability, I doubt they would fail an audit just for having that OS.

http://news.softpedia.com/news/stop-windows-10-telemetry-and-other-data-collecting-489571.shtml
https://technet.microsoft.com/en-us...figure-windows-telemetry-in-your-organization

You don't need a domain to apply group policy - you really just need to set it in local policy.

 

[Hagrid]

So basically MS needs to either have Win 10 approved or make an approved version.

 

[BulletDust]

So basically MS needs to either have Win 10 approved or make an approved version.

From what I'm reading no OS is HIPAA approved, there are simply HIPAA guidelines to follow and configuring Windows 10 to conform to the guidelines is far more difficult than it needs to be and there's no guarantee that an update won't reverse all the work you've done. MS don't care as they hide behind the BAA.