
Tip of the month of November, 2007 - Week 4

MALICIOUS SOFTWARE

Protection from Malicious Software is defined as an addressable implementation specification in the Security Awareness and Training Standard of the HIPAA Security Rule, § 164.308(a)(5). Attacks related to malicious software can be very disruptive to any organization. Some of you may have experienced this recently. Organizations need to closely review their capability to defend against malicious software attacks.

Detection, prevention, and recovery controls to protect against malicious code and appropriate user awareness procedures should be implemented by the organization.

Employees should be trained on procedures for guarding against, detecting, and reporting malicious software. You also need to determine if employees know the importance of timely application of system patches to protect against malicious software and exploitation of vulnerabilities.

On a regular schedule, organizations must conduct a thorough risk analysis to determine whether the appropriate capabilities exist to prevent malicious software attacks from causing a disruption in the enterprise. Defending against malicious software attacks requires not just managing patches for servers in the data center but also reviewing capabilities for all end systems. You also need to examine systems introduced by outside contractors as well as medical equipment connected to the network that may have an Internet address and could be vulnerable to attacks.

Preventing attacks from malicious software is not just a compliance requirement but also one that can and does seriously impact revenue (loss of critical systems) and productivity (loss of valuable time of employees) in the organization.

On-Site HIPAA Training. Get HIPAA Academy to Your Site!

Save Time and Money

HIPAA Academy, the industry’s leading provider of HIPAA training, certification and consulting, has delivered content and exams for HIPAA Academy’s Certified HIPAA Professional (CHP) and the Certified Security Compliance Specialist (CSCS) to organizations at their site. Get HIPAA Certified at your site. We can customize the content to meet your requirements. Our clients include many hospitals, long term care organizations, BCBS, several business associates and leading firms such as IBM, HP, E&Y, Kaiser Permanente and others. For details, please visit www.HIPAAAcademy.Net.

For more information visit www.aha-solutions.org, contact Lorna Waggoner at 1.877.899.9974 x17 or visit www.HIPAAAcademy.net


HIPAA Tip

HOW PREPARED IS YOUR ORGANIZATION FOR A HIPAA AUDIT?

It was reported earlier in the year that Piedmont Hospital became the first organization in the United States to be audited for compliance with the HIPAA Security Rule. The audit was conducted by the Office of the Inspector General at the U.S. Department of Health and Human Services (HHS) and is being seen by some in the health care industry as a precursor of similar audits to come at other institutions. It was further reported that Piedmont Hospital was presented with a list of 42 items that HHS officials wanted information on within 10 days of the request.

For example, in the area of malicious software defense, an audit should review whether software to protect against malicious code has been installed and is configured to automatically update its definition files and scanning engines so that the protection stays up to date. In addition, is the capability installed on every desktop to carry out automatic checks? The audit should also review whether care has been taken to protect against the introduction of malicious code during maintenance and emergency procedures, which may bypass normal malicious code protection controls.

Learn more about the HIPAA Academy’s assessment service for HIPAA compliance. This is a fixed price, no expense, service that results in a HIPAA Academy Report that details the state of your organization’s compliance with the HIPAA Security Rule. The HIPAA Academy, the gold standard in HIPAA training, certification and consulting services, is offering an assessment of the areas that HHS identified in its recent audit! For details or to discuss further, please contact Ms. Lorna Waggoner at 1.877.899.9974 x17 or visit us at www.HIPAAAcademy.Net.

 

 

Last updated: November 28, 2007