Does spyware and adware qualify as 'malicious software' under the HIPAA rules? |
 |
EXPERT RESPONSE FROM: Kevin Beaver
|
|
|
|
| > |
QUESTION POSED ON: 25 September 2003
The security rules of HIPAA mention "malicious software" and the need to prevent it from gaining access to information systems containing PHI. Most people I talk to on the subject think it only applies to computer viruses and are not aware of the security, privacy and stability issues involved with spyware and adware. Do you feel that spyware and adware qualify as "malicious software" under the HIPAA rules?
|
|
| > |
The HIPAA Security Rule defines malicious software is defined as "software, for example, a virus, designed to damage or disrupt a system." To answer your specific question, yes, I think spyware and adware definitely falls in this category. No one but the marketing companies and other malicious outsiders benefit from spyware and adware. In fact, many organizations are harmed, and the security and privacy of PHI and other confidential information are breached every day from this stuff. Therefore, you should address and handle this malware just like any virus, worm or Trojan horse. There are some great shareware and commercial products out there to help fill this void that typical antivirus software doesn't cover.
For more info on this topic, please visit these SearchSecurity.com resources:
Best Web Links: Health care/health services
Security Policies Tip: HIPAA -- Points to consider
Executive Security Briefing: Instilling a HIPAA mindset
|
|
|
|
|
|
|
|
Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and
answer pairs from more than 250 TechTarget industry experts.
|
|
|
|
|
|
|
|
|
|
|
|
