Whitepaper: HIPAA Compliance with Microsoft Windows 10


In April 2017, Microsoft released a new Creators Update which furthered its commitment to decreasing the exposure of ePHI. Along with changes to telemetry settings, the update also provided granular details on amended basic-level Windows diagnostic events and fields. In an effort to provide the most up-to-date information available, we have amended our whitepaper and drafted a new Appendix section with links to the recent Creators Update.

CIOs, IT Directors and IT Managers are often deputized as their organization’s Health Insurance Portability and Accountability Act (HIPAA) Security Officer. In addition to being responsible for HIPAA security and compliance, these individuals may also be tasked with overseeing a company-wide upgrade to Microsoft Windows 10.

Organizations in every industry, including the Pentagon and Department of Defense, are upgrading to Windows 10 to improve their security posture. Windows 10 has been designed to be the most secure Windows yet and includes deep architectural advancements that have changed the game when navigating hacking and malware threats. However, as with all software upgrades, functionality, security and privacy implications must be understood and addressed.

Microsoft enlisted HIPAA One to assist in configuring Microsoft Windows 10 to support HIPAA security and privacy requirements and debunk the common misconception that using Windows 10 opens an organization to HIPAA violations.

This whitepaper, co-authored by Microsoft and HIPAA One, provides guidance on how to leverage Microsoft Windows 10 Enterprise as a HIPAA-compliant, baseline operating system for functionality and security.