Skip to main content

Microsoft EOL'd Windows 7 during a pandemic & its hurting medical practices

Microsoft fully ended support for their Windows 7 product in January of last year. The change is primarily administrative: Microsoft will no longer distribute security patches for free with Window 7 or guarantee its functionality.

It is not a sudden move by Microsoft: the company has a well-documented support cycle for all versions of Windows, and Windows 7 customers were given plenty of notification, including from pop-ups from within Windows that users have to minimize to continue using the computers. This post is not meant to imply that Microsoft did not make a good faith effort to notify their users.

 


Also: Windows 7 is not a good product at this point. Windows 7 is fundamentally insecure and unstable with modern applications (and has been for years), regardless of what support cycle it is in.

That said, there are many unique situations for which running an out-of-date version of Windows is the only practical option. I've found this to be particularly true in the medical field, among practices of all sizes. The reasons why this is the case aren't widely understood, even by the physicians and executives who ultimately make purchases for things like office software licenses, so I thought I might talk about why I believe this to be the case, and why I think that Microsoft should loosen EOL restrictions on medical users of Windows 7.

It is fairly common knowledge that the FDA is responsible for manufacturing medical devices. When most people think about medical devices, they might think about an artificial implant, or a surgical tool, or maybe an X-Ray machine. Software is not widely understood as being a medical device, but if that software is included as part of a medical device, or is used by a company that makes medical devices, that software is regulated under rules just as stringent as those for the "device" itself. There are many differences between a software program and a physical medical device; the difference that is important for our discussion today is that a physical medical device is a static item that exists largely in the same state over a long period of time. It might be necessary to maintain the device, or the device might expire, but it is unusual to think of a medical device as requiring substantial modification over time in order to continue providing the same behavior over time. Yet, this is precisely the case with medical software.

The term "software for medical devices" is a very wide net, but as it relates to the issue of Windows licensing and support, I am thinking primarily about a specific type of software called a driver that is designed to allow a physical device like a camera or x-ray machine to "talk" to a computer. It is common for, say, a medical imaging device to be connected to a Windows PC in order to actually work. For regulatory purposes, the device doesn't include the PC. But practically, the Windows PC is required for the device to function. The "device" is a package deal between the medical device, the medical software, the PC and Windows.

When Windows is in its normal support cycle, Microsoft is regularly pushing a variety of updates and patches to Windows that change Windows in ways both large and small. These changes often have a direct influence on medical devices or their software. It is a common experience in a medical office for a Windows update to break something. Physicians in this situation are left with a choice: roll back the Windows update or do without the medical device.

In order to simply continue to provide the same functionality, medical device manufacturers must release updates for the software drivers that accompany their products. This is common practice for manufacturers of the vast majority of computer peripheral manufacturers, whether they make Mice or cameras or keyboards or printers. However, only medical device manufacturers must request FDA authorization for that software update. Regardless of whether that authorization process is overly burdensome or not, it exists, it costs medical device manufacturers significant additional expense, and it takes time. Many medical device manufacturers and software makers recoup these costs by charging licensing fees to allow device driver downloads. To an end-user physician, the results can be absurd situations where the level of service decreases with the level of investment: why pay thousands of dollars for a "medical" camera's software updates when a nearly identical camera that is not a medical device will tend to "just work" for years to come?

Several years ago, the FDA began to try to streamline the process of approving medical device software updates to address this issue. Revised guidance released in late 2017 for the 510k software approval form was designed to expedite approvals of medical device software updates, particularly for updates that do not change the functionality of the device. This course of action isn't risk-free from the regulator's perspective, and future administrations will certainly continue to modify this part of the approvals process. Even if a software update is not intended to fundamentally change a medical device's behavior doesn't mean that a bug included with that update might prove dangerous to a patient. There are no easy answers to this problem.

Quite a few doctors have seen this before

So let's return to Windows 7's end of support. Because of the software device driver regulatory burden described above, physicians - particularly those providing services in underprivileged communities and with patients of less means - just don't have the capitol to afford annual repurchases of all of the various medical applications *and* Windows *and* regular PC and equipment updates. In the case of imaging devices, upgrading the OS of an attached PC can mean repurchasing new physical components for that X-Ray machine. These aren't small costs we are talking about.

Let's also not forget that Microsoft ended support for Windows 7 the same month that COVID-19 pandemic began rearing its head in the US: January 2020. Yes, doctors ignored repeated update notifications. They may have had other things on their mind at the time.

Microsoft also made a slight modification to their prior end of support cycle rules. For Windows 7, Microsoft is enabling customers to purchase ongoing security patches for an annual fee. The fee starts at a couple of hundred dollars a year, increasing every year. Microsoft can't claim that they do not have the security patches available.

Given the unique situation facing medical professionals, between the extraordinary costs associated with upgrades to facing down the beginning of a once-in-a-century pandemic the same month that Microsoft ended Windows 7 support, would it be so much to ask for Microsoft to extend the Windows 7 security patches to medical offices? Call it a PR move/tax deduction/whatever. Doctors had a rough year. Give them a break.