"End Of Support", Office 365 and HIPAA Compliance: why to keep your stuff… up to snuff.

If you are seeing Microsoft publish articles and emails about various systems going “End of Support” (and Lord knows they are everywhere these days…!) – it’s for a reason: the requirement most companies have for compliance is typically driven by regulation but there are other less obvious reasons to keep your stuff – up to snuff…

We do HIPAA. We do security, FinServ, PHI and EMR and DR and DLP and MNS and AV… and lots of other stuff with acronyms. Beringer is a Gold Certified Microsoft Partner so the acronyms are expected. As a result, we have a requirement to keep both our HIPAA clients AND our own stuff pretty tight as a Business Associate. Microsoft is also a BA – a pretty huge one and as such, has to keep their stuff pretty tight also. Office 365 being a good case in point.

The term” End Of Support” is used deliberately so that people keep their systems secure and – by association – in compliance with HIPAA, GLBA, PCI, etc… It is NOT just so Microsoft can get people off XP or to sell more new versions of Windows Server and SQL and Office 2013. It is because Microsoft, just like Beringer, has a very serious commitment to the security and containment of Protected Health Information and Financial data.

That commitment is solidly manifested in Office 365. The Rule says that solutions used in a HIPAA-compliant environment have to be “supported” or they are in violation. The need to get current and stay current is very great – not just in Healthcare but in many other areas and for a few more reasons. Office 365 allows users access to the latest securities, encryptions Office versions and more. I recently wrote about HIPAA and data loss from Thumb Drives and from that blog, if you don’t know already, you can see why this is critically important. Even small breaches of protected data can cost a business it’s existence. Big Brother is watching – no – actively seeking breaches and keeping your systems current is no longer an option, it’s not even a mandate – it’s an operational imperative.