To begin the podcast, we answer a question from one of our listeners, Billie-jo. Listen to the episode for the detailed answer to the question, but here is a link to some specific guidance on the issue given by HHS. The topic of this episode, though, is Malware Protection Under HIPAA.
There are two reasons for today’s topic: A question we received from a listener about understanding antivirus software and a news report about a malware scan that interrupted a medical procedure. Between those two cases it felt like it was time to discuss malware protection under HIPAA.
- Suzie from Savannah writes: I would like to have a podcast or a quick answer to the difference between anti-virus software releases and anti-virus definitions being up-to-date. I understand the AV definitions up to date but a little fuzzy on AV software releases and examples please….
- A recent report came out about a malware scan that required a computer reboot that stopped a medical procedure. The FDA event report on it mentions more.
What is Malware?
Malware is a term everyone hears, but what does it really mean and how do we stop it?
Malicious Software – malware
These are what we originally called computer viruses, but as they became more complex, with so many different types, the name malware started to stick.
The better the detection and prevention tools get, the more stealthy and evasive the malware gets.
The hacking business has become very lucrative over the past couple of years.
As we move from accessing the web and email on our PCs to using mobile devices, malware is growing there too. We discussed that on an older episode. There are now things like Stegomalware that are targeting smartphones.
Worry ’bout you-self, go drive! – The little girl on YouTube that Donna thinks is so funny.
Malware Protection Under HIPAA
To really discuss malware protection under HIPAA we have to look at what the law itself says first. So…..
§164.308 Administrative safeguards. (5)(ii) Implementation specifications. Implement: (B) Protection from malicious software (Addressable). Procedures for guarding against, detecting, and reporting malicious software.
What does OCR say about protections?
Next, we have to review some guidance from OCR to really understand malware protection under HIPAA because their resolution agreements mention it specifically.
What do we say about malware and scans and AV programs?
<30 minute mark> Listen in because my notes were left blank here. I had to hear what we were saying myself to learn what we thought! But we do explain the difference between AV software support and AV data definitions.