It depends. HIPAA applies to covered entities and their business associates, not to operating systems, so there is no such thing as a “HIPAA Compliant” operating system. That said, an operating system may lack features that a covered entity deems necessary for the covered entity’s HIPAA Security compliance. For example, some operating systems are “supported,” which means that the vendor provides periodic security periodic security patches for that product. Other operating systems are “unsupported.” When support for an operating system is pulled, that means the vendor will no longer provide security patches for that product, and the operating system will likely become increasingly insecure. Therefore, unsupported software products, including operating systems, have increased vulnerability to security problems. This increased vulnerability can put a covered dental practice at greater risk of breaches and noncompliance, which could lead to possible federal enforcement actions. If you learn that an operating system in your dental practice will no longer be supported, assess the risk and determine how best to mitigate the risk (e.g., planning migration to the next version of the operating system before support for your current system is pulled).