HIPAA Compliance Readiness Checklist

Preparing for Windows 10 End-of-Life (EOL) and Avoiding HIPAA Violations

Target Audience: Healthcare providers, behavioral health clinics, private practices, and other HIPAA-covered entities


1. Inventory All Windows Devices

  • Identify every workstation, laptop, tablet, and server running Windows 10, and record the edition and build: the October 14, 2025 end-of-support date applies to the mainstream Home, Pro, Enterprise, and Education editions, while LTSC and IoT Enterprise LTSC editions (often found on medical and lab equipment) have their own later dates and need their own entries
  • Document each device's users, department, and role
  • Classify each device by the ePHI it can reach (e.g., EHR, billing, email) so that the highest-risk machines are migrated first

2. Evaluate Risk Under HIPAA Security Rule

  • Assess the risk of each Windows 10 device left in service after October 14, 2025, when Microsoft stops issuing security updates for it: newly disclosed vulnerabilities will never be patched, so exposure grows with every month the device stays in use
  • Document how that exposure could compromise the confidentiality, integrity, or availability of ePHI (e.g., ransomware on an unpatched workstation affects all three)
  • Review the findings with your HIPAA Security Officer or compliance consultant

3. Plan and Budget for Migration

  • Determine whether existing hardware meets the Windows 11 minimums (TPM 2.0, UEFI with Secure Boot, a supported 64-bit processor with at least two cores, 4 GB RAM, 64 GB storage); machines that fall short are replacements, not upgrades
  • Develop a rollout plan for replacements and in-place upgrades, starting with the devices that handle the most ePHI
  • Allocate budget and fix the timeline before Q2 2025, leaving enough room to finish the rollout ahead of the October 14, 2025 end-of-support date
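The inventory in step 1 and the hardware check in step 3 can be done in one pass. The script below is an added example, not part of the original checklist: it queries each host for its OS edition and build, the Windows 11 hardware signals (TPM 2.0, Secure Boot, CPU, RAM, disk), and the last signed-in user, then writes a CSV that the department, role, and ePHI-level columns can be added to by hand. It assumes (hypothetically) a file `.\devices.txt` with one hostname per line, WinRM enabled on the targets, and an elevated session, since `Confirm-SecureBootUEFI` and the TPM query need admin rights.

```powershell
# Added example (not from the original checklist): Windows 10 inventory plus
# Windows 11 readiness signals, one record per machine.
# Assumptions (hypothetical): .\devices.txt lists one hostname per line,
# WinRM is enabled on each target, and this session is elevated.

$computers = Get-Content -Path .\devices.txt | Where-Object { $_.Trim() -ne '' }

# Runs on each target and returns one record.
$probe = {
    $os   = Get-CimInstance -ClassName Win32_OperatingSystem
    $cs   = Get-CimInstance -ClassName Win32_ComputerSystem
    $cpu  = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
    $sys  = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DeviceID='C:'"

    # TPM spec version lives in Win32_Tpm (e.g. "2.0, 0, 1.38"); the query
    # returns nothing when there is no TPM or the session is not elevated.
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
               -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $tpm20 = [bool]($tpm -and $tpm.SpecVersion -like '2.0*')

    # Confirm-SecureBootUEFI throws on legacy-BIOS machines; treat that as "no".
    $secureBoot = $false
    try { $secureBoot = Confirm-SecureBootUEFI } catch { }

    $ramGB  = [math]::Round($cs.TotalPhysicalMemory / 1GB, 1)
    $diskGB = [math]::Round($sys.Size / 1GB, 0)

    # Published Windows 11 minimums: TPM 2.0, Secure Boot, 64-bit CPU with
    # 2+ cores, 4 GB RAM, 64 GB storage. The supported-CPU list cannot be
    # checked offline; Microsoft's PC Health Check app gives the final answer.
    $meets = $tpm20 -and $secureBoot -and ($cpu.AddressWidth -eq 64) -and
             ($cpu.NumberOfCores -ge 2) -and ($ramGB -ge 4) -and ($diskGB -ge 64)

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        OS                 = $os.Caption        # edition shows here (Pro, Enterprise, LTSC ...)
        Build              = $os.BuildNumber
        IsWindows10        = ($os.Caption -like '*Windows 10*')
        LastUser           = $cs.UserName       # department / role / ePHI level: fill in by hand
        Tpm20              = $tpm20
        SecureBoot         = $secureBoot
        Cores              = $cpu.NumberOfCores
        Is64Bit            = ($cpu.AddressWidth -eq 64)
        RamGB              = $ramGB
        SystemDiskGB       = $diskGB
        MeetsWin11Minimums = $meets
    }
}

$results = Invoke-Command -ComputerName $computers -ScriptBlock $probe `
               -ErrorAction SilentlyContinue -ErrorVariable unreachable

$results |
    Select-Object ComputerName, OS, Build, IsWindows10, LastUser, Tpm20, SecureBoot,
                  Cores, Is64Bit, RamGB, SystemDiskGB, MeetsWin11Minimums |
    Export-Csv -Path .\win10-inventory.csv -NoTypeInformation

# Hosts that did not answer are still in scope; for WinRM connection failures
# the error's TargetObject is the hostname. Chase these down manually.
$unreachable | ForEach-Object { $_.TargetObject } | Sort-Object -Unique |
    Set-Content -Path .\unreachable-hosts.txt

# Quick view of the machines that will need replacement rather than upgrade.
$results | Where-Object { $_.IsWindows10 -and -not $_.MeetsWin11Minimums } |
    Format-Table ComputerName, LastUser, Tpm20, SecureBoot, RamGB, SystemDiskGB -AutoSize
```

The CSV is the working inventory for step 1; the `MeetsWin11Minimums` column splits the fleet into in-place upgrades and replacements for step 3. A `False` in `Tpm20` or `SecureBoot` is sometimes a firmware setting rather than missing hardware, so check the BIOS/UEFI configuration before writing a machine off.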

4. Identify Required IT Support or Vendor Involvement

  • Coordinate with your IT team or MSP to schedule the upgrades
  • Confirm that antivirus, endpoint protection, backup tools, and the EHR or practice-management client are supported on Windows 11 before the first device is migrated
  • Schedule upgrade windows outside clinical hours so that patient care is not disrupted

5. Update HIPAA Documentation

  • Revise your Security Risk Analysis (SRA), the risk analysis required by 45 CFR § 164.308(a)(1)(ii)(A), to include Windows 10 end of support as an identified risk
  • Update your Written Information Security Program (WISP) or HIPAA Security Policies to reflect the new baseline operating system and the migration plan
  • Document the mitigation steps for each remaining risk (e.g., interim controls on EOL systems awaiting upgrade) and who owns them

6. Train Staff on Security Risks

  • Notify staff of the Windows 10 end-of-support timeline and what will change on their devices
  • Warn staff that migrations are a common phishing pretext (fake "upgrade now" emails and pop-ups); tell them exactly how legitimate upgrade notices will arrive and to report anything else
  • Provide updated procedures for any temporary devices or software used during the transition

7. Implement Interim Security Controls (If Upgrade Is Delayed)

  • Isolate EOL systems from the core network (a separate VLAN or firewall rules that allow only the connections the workflow needs)
  • Limit ePHI on unsupported machines: remove local copies where possible, restrict access to the minimum required, and block removable media
  • Enable additional logging and endpoint monitoring so that compromise of a device that will never be patched is at least detected quickly
  • Microsoft's paid Extended Security Updates (ESU) program for Windows 10 can narrow the gap for a limited time, but it is a bridge, not a substitute for migration; record any ESU enrollment in the risk analysis
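The three interim controls above can be applied and evidenced with a short script on each machine that has to stay in service. The script below is an added example, not the checklist's own tooling. It assumes (hypothetically) that the EHR application is reached at 10.20.30.40 on TCP 443, that the domain controller and DNS server is 10.20.30.10, that the machine is domain-joined and English-locale (auditpol subcategory names are localized), and that it runs in an elevated session on the EOL machine itself; adjust the addresses to your network.

```powershell
# Added example (not from the original checklist): interim controls for a
# Windows 10 machine kept in service past end of support, with an evidence log
# that can be attached to the risk analysis and reversed at decommissioning.
# Assumptions (hypothetical): EHR server 10.20.30.40:443, DC/DNS 10.20.30.10,
# domain-joined English-locale machine, elevated session.

$ehrServer = '10.20.30.40'
$dcServer  = '10.20.30.10'
$log       = "$env:ProgramData\eol-interim-controls.log"

function Write-Evidence($msg) {
    "$(Get-Date -Format o) $msg" | Tee-Object -FilePath $log -Append
}

# --- 1. Isolate: default-deny in both directions, then allow only what the
#        workflow needs. Built-in allow rules stay in force; review them with
#        Get-NetFirewallRule -Enabled True -Direction Outbound.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Block
New-NetFirewallRule -DisplayName 'EOL-Allow-EHR-HTTPS' -Direction Outbound -Action Allow `
    -Protocol TCP -RemoteAddress $ehrServer -RemotePort 443 | Out-Null
New-NetFirewallRule -DisplayName 'EOL-Allow-DC' -Direction Outbound -Action Allow `
    -RemoteAddress $dcServer | Out-Null
Write-Evidence "Firewall: default-deny; outbound allowed to EHR ${ehrServer}:443 and DC $dcServer"

# --- 2. Limit ePHI exposure: no USB mass storage (blocks bulk export), and
#        record who holds local admin so the list can be trimmed to the minimum.
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR' -Name Start -Value 4
Write-Evidence "USB mass storage driver disabled (USBSTOR Start=4)"
$admins = (Get-LocalGroupMember -Group Administrators | Select-Object -ExpandProperty Name) -join ', '
Write-Evidence "Local Administrators: $admins"

# --- 3. Extra logging: logon, process creation with command lines, removable
#        storage, PowerShell script-block logging, and a 1 GB Security log so
#        events survive until the monitoring tool collects them.
auditpol /set /subcategory:"Logon" /success:enable /failure:enable | Out-Null
auditpol /set /subcategory:"Process Creation" /success:enable /failure:enable | Out-Null
auditpol /set /subcategory:"Removable Storage" /success:enable /failure:enable | Out-Null
$auditKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit'
New-Item -Path $auditKey -Force | Out-Null
Set-ItemProperty -Path $auditKey -Name ProcessCreationIncludeCmdLine_Enabled -Value 1 -Type DWord
$sblKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
New-Item -Path $sblKey -Force | Out-Null
Set-ItemProperty -Path $sblKey -Name EnableScriptBlockLogging -Value 1 -Type DWord
wevtutil sl Security /ms:1073741824
Write-Evidence "Auditing: Logon, Process Creation (+cmdline), Removable Storage; PS script-block logging; Security log 1 GB"

# --- Verify, so the reviewer can see the controls are actually in effect.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction
auditpol /get /category:"Logon/Logoff"
auditpol /get /category:"Detailed Tracking"
```

Run it once per EOL machine and file the resulting log with the SRA. The default-deny outbound rule is the part most likely to break something (printing, update of the antivirus signatures, remote management), so test the clinical workflow immediately afterwards and add narrowly scoped allow rules rather than loosening the default.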

8. Confirm Full Decommissioning by September 2025

  • Set a hard cutoff date by which every Windows 10 system is removed or replaced
  • Validate that no ePHI is processed or stored on these systems after the cutoff, and that their accounts can no longer reach the EHR or file shares
  • Sanitize storage before disposal or reuse (the NIST SP 800-88 media sanitization guidelines are the usual reference) and keep a record of each decommissioning and wipe; HIPAA's disposal standard is 45 CFR § 164.310(d)(2)(i)
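A domain-joined fleet can prove the cutoff from Active Directory rather than from a spreadsheet. The script below is an added example, not part of the original checklist: it lists every computer object still reporting a Windows 10 operating system, separates those seen recently from stale ones, optionally disables the stragglers so they cannot authenticate to the EHR, and writes a decommissioning record. It assumes (hypothetically) that the RSAT ActiveDirectory module is installed, that the account can disable computer objects, and that the 30-day window is a placeholder chosen here, not a HIPAA value.

```powershell
# Added example (not from the original checklist): post-cutoff check that no
# Windows 10 computer is still active in AD, with an optional enforcement step.
# Assumptions (hypothetical): RSAT ActiveDirectory module installed, rights to
# disable computer objects, 30-day "active" window chosen for illustration.

Import-Module ActiveDirectory

$enforce = $false                     # set to $true to disable active stragglers
$window  = (Get-Date).AddDays(-30)

# OperatingSystem is what the client last wrote to its own object, so it also
# catches machines the inventory missed. LTSC editions still match here; pull
# them out by hand if they are legitimately in service under their own dates.
$win10 = @(Get-ADComputer -Filter 'OperatingSystem -like "Windows 10*"' `
              -Properties OperatingSystem, OperatingSystemVersion, LastLogonDate, Enabled)

$record = foreach ($c in $win10) {
    $active = $c.Enabled -and $c.LastLogonDate -and ($c.LastLogonDate -gt $window)
    $action = 'none'
    if ($active -and $enforce) {
        # Disabling the account stops Kerberos/NTLM logons from that machine,
        # which cuts its path to domain-authenticated ePHI sources.
        Disable-ADAccount -Identity $c
        Set-ADComputer -Identity $c -Description "Disabled $(Get-Date -Format yyyy-MM-dd): Windows 10 past EOL cutoff"
        $action = 'disabled'
    }
    [pscustomobject]@{
        Name          = $c.Name
        OS            = $c.OperatingSystem
        Version       = $c.OperatingSystemVersion
        LastLogonDate = $c.LastLogonDate
        WasEnabled    = $c.Enabled
        ActiveInWindow = $active
        Action        = $action
        CheckedOn     = Get-Date -Format o
    }
}

$record | Export-Csv -Path .\win10-decommission-record.csv -NoTypeInformation

$activeCount = @($record | Where-Object ActiveInWindow).Count
"Windows 10 objects in AD: $($win10.Count); active in the last 30 days: $activeCount"
if ($activeCount -gt 0 -and -not $enforce) {
    Write-Warning "Active Windows 10 hosts remain; re-run with `$enforce = `$true after confirming they hold no ePHI"
}
```

Keep the CSV alongside the wipe certificates as the decommissioning evidence. Note that `LastLogonDate` is replicated only every 14 days by default, so a machine that logged on yesterday may show an older date; the window above is deliberately wider than that replication interval.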

9. Schedule a Compliance Review

  • Perform a post-upgrade HIPAA security evaluation (the evaluation standard at 45 CFR § 164.308(a)(8))
  • Run vulnerability scans or a third-party audit against the migrated fleet to confirm that no Windows 10 hosts remain and that the Windows 11 devices are fully patched
  • Retain the results for OCR audit readiness; HIPAA requires security documentation to be kept for six years (45 CFR § 164.316(b)(2)(i))

Bonus: Schedule Your Free Compliance Readiness Call