Since April of this year, Microsoft has ceased to offer security updates for Windows XP which means that practices with even a single network-connected pc running Windows XP are violating HIPAA and ineligible for meaningful use.
If any of your computers are using XP, you should move immediately to replace these computers – any hardware that came running XP is almost certainly underpowered to make upgrading software alone a worthwhile endeavor.
Before you dismiss the urgency of this matter, consider that hackers often actively target non-supported operating systems because their vulnerabilities are easily revealed simply be looking to see what patches are being offered for supported systems. Once identified, these weaknesses are relatively easy to exploit, which potentially puts your entire network at risk. Costs of any security breach will certainly exceed the costs of buying and configuring a new pc, which is typically under $1,000.