Standard Security #0005b - Protection From Malicious Software

East Carolina University
HIPAA Security Standards
Subject: Protection From Malicious Software
Standard #: Standard-0005b
Supersedes:
Effective Date: April 21, 2005
Review Date: May 30, 2013
Coverage: ECU Health Care Components
Approved:
Revised: March 30, 2012, May 30, 2013
HIPAA Security Rule Language: “Implement ... Procedures for guarding against, detecting, and reporting malicious software ...”
Regulatory Reference: 45 CFR 164.308(a)(5)(ii)(B)
I. PURPOSE
This standard reflects East Carolina University’s commitment to provide regular training
and awareness to its employees about its process for guarding against, detecting, and
reporting malicious software that poses a risk to its information systems.
II. AUTHORIZATION AND ENFORCEMENT
Health Care component management and/or administrator(s) are responsible for
monitoring and enforcing this policy, in consultation with the ECU IT Security Officer,
ECU HIPAA Security Officer, and ECU HIPAA Privacy Officer.
III. STANDARD
ECU must train Health Care Component workforce members on guarding against,
detecting, and reporting malicious software that poses a risk to its information systems.
IV. APPLICABILITY
This standard is applicable to all workforce members who are responsible for or
otherwise administer a healthcare computing system. A healthcare computing system is
defined as a device or group of devices that store EPHI which is shared across the
network and accessed by healthcare workers.
Copyright 2003 Phoenix Health Systems, Inc.
Limited rights granted to licensee for internal use only. All other rights reserved
V. PROCEDURE
The following safeguards must be implemented to satisfy the requirements of this
standard:
1. ECU must train workforce members on following procedures for guarding against,
detecting, and reporting on malicious software.
2. Training and awareness must cover the following topics at minimum:
   - How to identify and handle potential scams and hoaxes
   - Explanation of how university anti-virus and malware protection software operates
   - How to configure and use anti-virus and malware protection software
   - Good security practices for web browsing, sharing files, and opening email attachments
   - Risks of installing unsupported software
   - Security updates for workstations and software applications
   - What to do when anti-virus and malware protection software detects a virus or worm
VI. COORDINATING INSTRUCTIONS
1. All section policies, standards and procedures will be reviewed annually. Every
section policy, standard and procedure revision/replacement will be maintained for a
minimum of six years from the date of its creation or when it was last in effect,
whichever is later. Other East Carolina University, University of North Carolina
system, or state of North Carolina requirements may stipulate a longer retention.