Posted by: bhalley | 08/25/2013

Windows XP, Security, and Regulations: What You Need to Know

If your business is still running Windows XP, you may be running into a problem you had hoped to put off.  Many have held off upgrading their OS because of cost and compatibility with the software they use.  But if you have HIPAA/HITECH compliance requirements, that dreaded day of reckoning has been set.  On April 8, 2014, Microsoft will stop releasing security patches for Windows XP.  TechRepublic has an article with some suggestions on what you can do to continue working.  While the article gives a couple of options, let me expand on those and give you some other ideas.

First is their suggestion about checking your hardware and upgrading.  If your system will handle the upgrade, this will save money, but you also need to consider what type of licensing you have and what to get.  If you do not have a volume license (VL) with Microsoft, this is something you should consider.  Also, in looking at a VL, you will want to seriously consider purchasing a VL with Software Assurance (SA).  What is SA?  It is a license that includes upgrades for free.  We have SA for our office with our OS and office software.  That means that we can upgrade our systems with the latest OS and Office when we want.  We just purchased our Office SA for 2010 recently, and now that 2013 is out we can upgrade those machines from 2010 to 2013.  This can be a considerable savings in the long run.  When your SA expires, you only have to purchase an SA renewal, which is also considerably cheaper.

Second is virtualization and the options available there.  There are several ways of handling this.  If you only have a couple of machines, then you will want to look at VMware as a possible solution.  You can virtualize your current workstations to run on the new systems and then turn off the gateway of the XP VM (virtual machine) so it has access to the server but no internet access.  If you have quite a few users, then a Terminal Server (TS) solution may be the best answer to the problem.  But if you go this route, you must consider which server OS the software will run under.  If it will only work under Server 2003 and not Server 2008, you could find yourself in the predicament you are about to face now.

A third possibility is to do what I briefly touched on in the second option, but with the current workstation(s) that run the software: put them on a different network with no internet or wireless access.  You will then have security control, because no one outside the organization will be able to connect.  This would also mean denying wireless access to this network range.
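One way to confirm that an XP machine or VM set up as in the second or third option really has no routed path off its subnet is to check its `route print` output for any route that uses a next-hop gateway. This is an added example, not part of the original post; the routing tables and the 192.168.10.x addresses are constructed sample data.

```python
import ipaddress

# Constructed `route print` tables for two XP guests (sample data, not from a real host).
HEADER = "Network Destination        Netmask          Gateway       Interface  Metric\n"
ON_LINK = """\
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
     192.168.10.0    255.255.255.0    192.168.10.50   192.168.10.50      10
    192.168.10.50  255.255.255.255        127.0.0.1       127.0.0.1      10
   192.168.10.255  255.255.255.255    192.168.10.50   192.168.10.50      10
        224.0.0.0        240.0.0.0    192.168.10.50   192.168.10.50      10
  255.255.255.255  255.255.255.255    192.168.10.50   192.168.10.50       1
"""
DEFAULT = "          0.0.0.0          0.0.0.0     192.168.10.1   192.168.10.50      10\n"
ISOLATED = "Active Routes:\n" + HEADER + ON_LINK
EXPOSED = "Active Routes:\n" + HEADER + DEFAULT + ON_LINK + "Default Gateway:      192.168.10.1\n"


def parse_routes(text):
    """Return (network, gateway, interface) for every IPv4 route row in the text."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # headers, separators, the "Default Gateway:" summary line
        try:
            net = ipaddress.ip_network(f"{parts[0]}/{parts[1]}")
            gw = ipaddress.ip_address(parts[2])
            iface = ipaddress.ip_address(parts[3])
        except ValueError:
            continue  # five columns, but not a route row
        routes.append((net, gw, iface))
    return routes


def off_subnet_routes(text):
    """Routes that forward to a next hop instead of delivering on the local link."""
    found = []
    for net, gw, iface in parse_routes(text):
        # XP lists on-link routes with the host's own address (or loopback) as gateway.
        if gw == iface or gw.is_loopback:
            continue
        found.append((str(net), str(gw)))
    return found


if __name__ == "__main__":
    for name, table in (("isolated", ISOLATED), ("exposed", EXPOSED)):
        hits = off_subnet_routes(table)
        print(name, "OK: no routed path" if not hits else f"FAIL: {hits}")
```

A clean result only shows that the machine has no routed path of its own. A proxy or a dual-homed server on the same subnet can still relay traffic, so check those separately.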

Whatever solution you choose, it will take some work to stay compliant.
