Some Windows XP Users Can't Afford To Upgrade 953
colinneagle writes "During a recent trip to an eye doctor, I noticed that she was still using Windows XP. After I suggested that she might need to upgrade soon, she said she couldn't because she couldn't afford the $10,000 fee involved with the specialty medical software that has been upgraded for Windows 7. Software written for medical professionals is not like mass market software. They have a limited market and can't make back their money in volume because there isn't the volume for an eye doctor's database product like there is for Office or Quicken. With many expecting Microsoft's upcoming end-of-support for XP to cause a security nightmare of unsupported Windows devices in the wild, it seems a good time to ask how many users may fall into the category of wanting an upgrade, but being priced out by expensive but necessary third-party software. More importantly, can anything be done about it?"
Disable Networking (Score:5, Interesting)
Prevent those few computers that are running the program from touching the Internet in anyway. No networking services, web, email, ... or anything else. Make them strictly one function standalone devices.
Re:Helps but not a complete solution. (Score:2, Interesting)
Re:Certification (Score:5, Interesting)
I bet a lot of that $10k fee is due to the software requiring FDA certification.
Oh that wouldn't surprise me, back oh 15 years ago I helped due a transition from paper to electronic. It was right up along the lines of $38k here in Canada for the software. And my family doctor just dumped their old version of Wolf Medical to a new version, total cost for 6 computers? $118k.
Very common (Score:5, Interesting)
My old hospital was hit by this already. They couldn't afford an enterprise license from Microsoft that allows them to pick which version of windows to install on their PC's, (hundreds of thousands of dollars), some of our critical EMR software was only XP compatibe and would not work on WIndows7. When Microsoft quit selling XP and wouldn't allow us to downgrade our Windows 7 systems, we were in a bind. We were able to find some XP licenses in the wild but still are between a rock and a hard place. FDA certification for our EMR vendors is a pain and moving to the new version of windows is hard. I have no idea how we will overcome the sunsetting of XP.
Re:Should run on Win7 (Score:5, Interesting)
No need to upgrade to new software, it should run on Win7. There are multiple ways to configure compatibility.
FWIW, Win7 seems to be much more friedly to this than win8.
I've had two 16-bit programs (one used for point-of-sale another a game my mom likes to play) hobbling along since win95. WinXP worked okay (some compatibility flags made it work), Win7 was a bear to make work with the printer and the point-of-sale program, and finally win8 broke both of them. No application error message, just win8 says, you can't run them anymore (the troubleshooter recommends using winxp mode sp3, but that doesn't work, nor do any of the other modes from win95, 98, me, XP-sp2, Vista, or win7, w/ or w/o administrator priviledges, or in reduced color mode). The orginal publisher of both pieces of software are no longer in business, so purchasing upgrades to the new OS is a non-starter.
I've had to downgrade two new computers back to win7 and winxp (didn't have more than one spare win7 licence, so I had to reach back to xp) to support these programs for now, but now the writing is on the wall. I'm sure that my case is not unique and given my predicament, I'm sure that there are some applications that just won't run on win7 either even in compatibility mode.
Re:Wrong platform (Score:5, Interesting)
The problem is customers. I work at a major hospital and a local consortium is looking to purchase some new medical records software, worth about $10 million.
We've been drafting the new contract for tender, and line 1 of the tender instructions is "The software will run on Windows Server 2008 R2 or Windows Server 2012 64-bit on the servers, and on Windows XP, 7 and 8 32-bit and 64-bit on the client side". I protested at this, but was told by the technical chair, that this term was not negotiable as it was a critical part of the spec; they simply did not have the in-house experience to manage a *nix system.
Later on, there was another line in the tender instructions. "The distribution of the source code of the product must be strictly controlled with appropriate audit trails for persons who have seen it, includes the source code of any 3rd party components used within the product". Again, I protested about this, but the chair of information governance and security said, that this term was non-negotiable due to the large volume and the critical nature of the data stored in this system!!
Re:Certification (Score:4, Interesting)
Maybe they don’t know all their options (Score:4, Interesting)
Re:I'm gonna say... (Score:5, Interesting)
Re:specialty software prices (Score:5, Interesting)
Actually—(a) they're just called "papers," the "white" part is a specific piece of IT jargon, and should be pronounced "scientific-sounding marketing material," as white papers are almost never rigorous or unbiased, and (b) there are plenty of books published at levels above the expected comprehension of a graduate course; these are usually bundles of papers and protocols (procedures). They're sometimes called "textbooks," but more properly "monographs [wikipedia.org]."
And for what it's worth, graduate textbooks and monographs are cheaper than undergraduate textbooks because they involve fewer writers, as the material is more narrow and there are fewer experts available. Monographs in particular are exceptionally cheap because the idea of publishing a book generally comes up after the material has already been written.
Regarding the availability of content, however, the Internet is really not all that it seems when it comes to content for fourth-year undergrads and grad students. Textbooks targeted at such groups generally require combing a great deal of journal articles, which are generally available, but may not necessarily be in a consumable format. My favourite example is this paper [sciencedirect.com], which outlines a method of constructing a solution to a problem (WJISP in polynomial time) and then completely fails to explain how the method works (It takes about half an hour to work out even when you know what they're talking about.)
This is where having a competently-written textbook becomes invaluable, and were it not for Wikipedia, many more topics would be completely unrepresented in any electronic secondary source.
Comment removed (Score:5, Interesting)
Re:Unplug the computer from the WWW (Score:5, Interesting)
Two separate networks run on two separate switches (yes, VLAN's could have been used, but the switches didn't support them). Each port in the building can be configured to the internal or external network. Wireless is only available on the external network.
To this end:
1) The ultrasound computer is airgapped because it's running Windows XP. Specifically, the software for the US machine is very old and only runs on XP, and upgrading would be a $10,000+ purchase (new US machine, not just the software cost).
2) The records keeping and accounting is separate from the internet. Customer records are only available on the internal network, and not connected directly to the internet. These computers are thin clients with USB mass storage support disabled.
3) The internet computer is a disposable kiosk computer, which has no access to customer records. If someone wants to look something up (ie. rare disease), that computer is available for that. It's also accessible for emails.
This has worked remarkably well. In the (extremely rare) event that an US picture needs to be emailed, the US computer is briefly connected to the internet behind a NAT firewall. We've had zero viruses or known intrusions on the internal network in 10 years.
The doctors at this office are accustomed to the inconveniences that this brings, but they work around those issues. They did business for over 30 years with paper records, and they see no need to switch. The idea that some sensitive data gets leaked or hacked is more important than the minor efficiency gains they could achieve. However, this is a rare case. Most of my customers demand all their computers be internet-connected.
Re:Certification (Score:4, Interesting)
Re:I'm gonna say... (Score:2, Interesting)
Re:Helps but not a complete solution. (Score:5, Interesting)
I'm in agreement with you.
On the flip side, I can think of one hospital I worked at that was a constant back and forth between the guys doing the network security and the doctors. The doctors won every time, with the guys doing the network security walking away with scraps of their generally good ideas. They eventually found a good compromise that didn't leave a bunch of security issues, but the doctors had the better leverage and wanted ease of use if they were going to use the computers at all. They just wouldn't use your computers if you made it too difficult (which was not very difficult at all, but not as easy as the old ways they did things). That said, they were able to figure things out, but if security makes the doctors' life more difficult, they'd rather just do it all without the computers, making the whole thing a moot point.
Re:Helps but not a complete solution. (Score:5, Interesting)
Doctors can do what they want, netops are happy with what they get to lock down, and we even pass a lot of the DSD compliance ratings (not that we're audited, but it's a good benchmark).
*Can't solve your problem in 10 minutes, a further 5 minutes to blow the machine back to standard image. 5 more to reconfigure default accounts and such (which is automated, but we also need to wait for download/ sync of emails etc.). 20 minutes downtime from start of call to end, maximum.
Re:Easy solution...virtualization. (Score:5, Interesting)
And who sets this all up for the doctor or dentist, and how much are they going to charge, and what is the maintenance charge to make sure it keeps working and the person who set it up is available to fix it in a day's time if necessary?