XP and HIPAA and Virtual Machines?

Justin Shafer
Posts: 596
Joined: Sat Jul 28, 2007 7:34 pm
Location: Fort Worth, TX.

XP and HIPAA and Virtual Machines?

Post by Justin Shafer » Sun May 18, 2014 5:13 pm

Let's say an office has an expensive medical device. Let's say it only works on XP. Let's say it has Ethernet or USB.

Could we use a Virtual Machine running XP on a Host machine running say Windows 7?

Set up the Virtual Machine to not have internet access?
Set up the Virtual Machine and the medical device for NAT on a Virtual LAN?
Make the virtual disk image for the virtual machine overwritten with a good known disk image daily?

Could we arguably then use XP, and not throw away the medical device??

In this way it is no longer being used as an OS, but as an application????

Maybe???

http://www.hhs.gov/ocr/privacy/hipaa/fa ... /2014.html

Worth debating... I want a SOLID no, with a link.

Seems... bad...... that people would have to do this..... Throw perfectly good equipment away. Or sell it to Mexico... :x
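
The daily overwrite proposed in this post only helps if the "known good" image stays good. As an added example (not part of the original post), this Python code restores the working disk from a golden image only when the golden image still matches a pinned SHA-256 digest; the file names, the single-file disk layout and the function names are assumptions.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            h.update(block)
    return h.hexdigest()

def restore_golden(golden, working, pinned_digest):
    """Overwrite `working` with `golden` only if golden matches the pinned digest.
    Run with the VM powered off; keep the digest where the guest cannot write."""
    golden, working = Path(golden), Path(working)
    actual = sha256_file(golden)
    if actual != pinned_digest:
        raise RuntimeError(f"golden image digest mismatch: {actual}")
    tmp = working.with_suffix(working.suffix + ".tmp")
    shutil.copyfile(golden, tmp)
    if sha256_file(tmp) != pinned_digest:   # catch a truncated or corrupted copy
        tmp.unlink()
        raise RuntimeError("copy verification failed")
    os.replace(tmp, working)                # atomic swap on the same volume
    return actual

def demo():
    """Exercise both paths on constructed stand-in files (not real disk images)."""
    with tempfile.TemporaryDirectory() as d:
        golden, working = Path(d, "xp-golden.vmdk"), Path(d, "xp-working.vmdk")
        clean = b"constructed stand-in for a clean disk image"
        golden.write_bytes(clean)
        working.write_bytes(b"same disk after a day of use, possibly altered")
        pinned = sha256_file(golden)
        restore_golden(golden, working, pinned)
        restored = working.read_bytes() == clean
        golden.write_bytes(b"golden image modified after pinning")
        try:
            restore_golden(golden, working, pinned)
            refused = False
        except RuntimeError:
            refused = True
        intact = working.read_bytes() == clean  # refusal leaves the disk untouched
        return restored, refused, intact
```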

bpcomp
Posts: 304
Joined: Mon Feb 27, 2012 7:30 am
Location: Tucson, AZ

Re: XP and HIPAA and Virtual Machines?

Post by bpcomp » Mon May 19, 2014 10:39 am

This might be left field but it might be worth a shot to try Wine under Linux for the XP only application. You then gain the security of an actively updated OS. You could still run it as a virtual machine with a private virtual LAN.

Justin Shafer
Posts: 596
Joined: Sat Jul 28, 2007 7:34 pm
Location: Fort Worth, TX.

Re: XP and HIPAA and Virtual Machines?

Post by Justin Shafer » Mon May 19, 2014 11:00 am

Yeah.. good idea.. I had considered that.. problem is Wine does not fare well with USB.... It doesn't support it.. or something. Perhaps Ethernet over USB.... Then there are application issues that can follow...

Justin Shafer
Posts: 596
Joined: Sat Jul 28, 2007 7:34 pm
Location: Fort Worth, TX.

Re: XP and HIPAA and Virtual Machines?

Post by Justin Shafer » Mon May 19, 2014 1:38 pm

http://wiki.winehq.org/USB

Hmm.. maybe we will need to compile after all... Hmmm

tgriswold
Posts: 122
Joined: Fri Jun 07, 2013 8:52 am

Re: XP and HIPAA and Virtual Machines?

Post by tgriswold » Mon May 19, 2014 3:25 pm

I'm not sure of the exact situation you're in, but have you tried using a newer version of Windows but running the application, or its installer, in compatibility mode for XP or older? It only occasionally works for me, but it's worth a shot.
Travis Griswold
Open Dental Software
http://www.opendental.com

JLM
Posts: 128
Joined: Wed Dec 05, 2012 12:52 pm

Re: XP and HIPAA and Virtual Machines?

Post by JLM » Tue May 20, 2014 3:15 pm

If the device interfaces with Ethernet or USB, it should work from an XP guest VM. I have considered doing this with my old Schick sensors that don't have 64-bit drivers. If it is like Vixwin SCSI, then no, it cannot be done. VMs can't/don't use SCSI hardware. It can easily be configured to ignore the internet and revert to a snapshot on reboot. (Using Workstation, not Player, for VMware.)

Jim Margarit

Justin Shafer
Posts: 596
Joined: Sat Jul 28, 2007 7:34 pm
Location: Fort Worth, TX.

Re: XP and HIPAA and Virtual Machines?

Post by Justin Shafer » Thu May 22, 2014 7:23 am

Yup. I was happy to get a SCSI Denoptix running with Windows 7 and zero virtual machines with Dexis 10, but I think the USB version (single speed) would need.. A virtual machine, as the driver does not seem to work in Windows 7, period. Nor Vista, if I recall. So we would need to use XP in a virtual machine for HIPAA? But I don't think HIPAA allows it.

Anyone know? Even if we kinda went nuts creating an environment around any possible XP exploits? Would it pass muster? Legally...

KevinRossen
Posts: 293
Joined: Mon Apr 22, 2013 8:49 am
Location: Dallas, TX

Re: XP and HIPAA and Virtual Machines?

Post by KevinRossen » Thu May 22, 2014 9:10 am

Justin Shafer wrote: Yup. I was happy to get a SCSI Denoptix running with Windows 7 and zero virtual machines with Dexis 10, but I think the USB version (single speed) would need.. A virtual machine, as the driver does not seem to work in Windows 7, period. Nor Vista, if I recall. So we would need to use XP in a virtual machine for HIPAA? But I don't think HIPAA allows it.

Anyone know? Even if we kinda went nuts creating an environment around any possible XP exploits? Would it pass muster? Legally...

Does the medical device's software permanently store any PHI? If not, you wouldn't really need to worry about XP from my understanding of HIPAA. If it's simply an interface that the data originates from and is stored elsewhere on the network I think you're OK.
Kevin Rossen
Office Manager, Rossen Dental
Founder, DivergentDental.com

Hersheydmd
Posts: 700
Joined: Sun May 03, 2009 9:12 pm

Re: XP and HIPAA and Virtual Machines?

Post by Hersheydmd » Thu May 22, 2014 5:42 pm

I have an i-CAT Classic. The acquisition computer (provided by Imaging Sciences and included in the annual maintenance contract/extended warranty) runs on WinXP.
After much consideration Imaging Sciences decided that they would not be able to upgrade everyone's XP computers to Win 7 or 8. I presume the software might not be compatible and would create too many problems.
Instead the solution they came up with, in coordination with Microsoft, is to update the acquisition computer in such a way that it only runs the specific programs that came with the computer, that are necessary for running the i-CAT. No other executable files will be able to run on the computer. It's like a reverse anti-virus. Instead of allowing everything to run, except what the anti-virus prohibits, this will allow nothing to run, except the programs that are specifically allowed. I think it is an ingenious solution.
Of course it means that any programs that I added to the computer like MS Office, or Dexis can no longer be used. I can live with that.
Robert M Hersh DMD, FAGD
Univ. of Penn 1982
Brooklyn, NY 11234
https://www.facebook.com/pages/Robert-M ... 1471599429

teethdood
Posts: 267
Joined: Sun Jul 29, 2007 12:39 am
Location: Visalia, CA

Re: XP and HIPAA and Virtual Machines?

Post by teethdood » Fri May 23, 2014 7:48 am

Robert,

Viruses do not need permission/you clicking on anything for them to run. They can port scan the XP computer and infect it that way. Or they can infect other computers on the network then spread to your XP machine. The way iCat handled it will mitigate a lot of virus vectors, but it will not get them all. It's like a patient using a flipper as a permanent partial. Sure it works ok, but it's loose, food traps, etc. You get the point.
Philip H. Doan, DDS
http://www.kaweahdental.com/

JLM
Posts: 128
Joined: Wed Dec 05, 2012 12:52 pm

Re: XP and HIPAA and Virtual Machines?

Post by JLM » Tue May 27, 2014 8:59 am

Justin Shafer wrote: Yup. I was happy to get a SCSI Denoptix running with Windows 7 and zero virtual machines with Dexis 10, but I think the USB version (single speed) would need.. A virtual machine, as the driver does not seem to work in Windows 7, period. Nor Vista, if I recall. So we would need to use XP in a virtual machine for HIPAA? But I don't think HIPAA allows it.

Anyone know? Even if we kinda went nuts creating an environment around any possible XP exploits? Would it pass muster? Legally...

You can configure the guest VM to only network with the host machine. If the host does not have ICS (Internet Connection Sharing) turned on then the guest has no access to the internet. Also, my understanding is that if the guest VM has DHCP turned off, a fixed IP, no gateway information, no DNS information, then there is no access to the internet and it is "safe". I would bet some firewall changes could reinforce that.

With host-only networking, you could use the XP VM for acquisition, and store the data on the 'safe' computer host.

Jim Margarit
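
The guest-side checklist in this post (DHCP off, fixed IP, no gateway, no DNS) can be checked mechanically. As an added example (not part of the original post), this Python code audits `ipconfig /all` output captured from the XP guest; the sample output is constructed, and the host-only subnet `192.168.56.0/24` and the function names are assumptions.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpts in the Windows XP layout (not from the thread).
ISOLATED = """\
Ethernet adapter Local Area Connection:
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.56.10
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . :
"""
ROUTABLE = """\
Ethernet adapter Local Area Connection:
        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.0.2.15
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.0.2.2
        DNS Servers . . . . . . . . . . . : 10.0.2.3
"""
FIELD = re.compile(r"^\s+([A-Za-z][A-Za-z \-]*?)[ .]*:\s*(.*)$")

def parse_adapters(text):
    """Return {adapter header: {lower-cased field name: value}}."""
    adapters, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = adapters.setdefault(line.rstrip(" :"), {})
        elif current is not None and (m := FIELD.match(line)):
            current[m.group(1).strip().lower()] = m.group(2).strip()
    return adapters

def audit(text, host_only_net="192.168.56.0/24"):  # subnet is an assumed value
    """List every deviation from: DHCP off, fixed IP, no gateway, no DNS."""
    net, findings = ipaddress.ip_network(host_only_net), []
    adapters = parse_adapters(text)
    if not adapters:
        return ["no adapters parsed; treat as a failed check"]
    for name, f in adapters.items():
        if f.get("dhcp enabled", "").lower() != "no":
            findings.append(f"{name}: DHCP is not disabled")
        ip = f.get("ip address", "")
        if not ip or ipaddress.ip_address(ip) not in net:
            findings.append(f"{name}: address {ip or '(none)'} is outside {net}")
        for key in ("default gateway", "dns servers"):
            if f.get(key):
                findings.append(f"{name}: {key} is set to {f[key]}")
    return findings
```

Guest-side settings only describe intent, since software running in the guest can change them; the host-only virtual network and the host firewall remain the enforcing controls.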

SofiiaSsss
Posts: 2
Joined: Mon Jan 01, 2024 10:48 pm

Re: XP and HIPAA and Virtual Machines?

Post by SofiiaSsss » Mon Feb 05, 2024 10:43 pm

While using a Virtual Machine (VM) to run XP on a Windows 7 host machine may seem like a solution to keep using an expensive medical device, it's important to consider HIPAA compliance and security risks. The Health and Human Services website provides guidelines on HIPAA compliance, and using outdated operating systems like XP may pose security vulnerabilities. It's recommended to prioritize patient data security and compliance with regulations. For more insights into medical device integration and compliance, you might find this post helpful: https://www.cleveroad.com/blog/medical- ... tegration/
