Operating System Supported

Summary

Things to Consider to Help Answer the Question:

Consider whether your practice completes regular and real-time scans of its servers, information systems, and workstations, laptops and other electronic devices in order to identify and respond to suspected or known security incidents.

Your practice may not be able to safeguard its information systems, applications, and ePHI if it does not implement the information system's security protection tools to protect against malware.

Some potential impacts include:

- Unauthorized or inappropriate access to ePHI can compromise the confidentiality, integrity, and availability of your practice's ePHI.

- Unauthorized disclosure, loss, or theft of ePHI can lead to medical identity theft.

- Accurate ePHI may not be available when needed, which can adversely impact your healthcare professionals' ability to diagnose and treat their patients.

Examples of Safeguards:

Some potential safeguards to use against possible threats/vulnerabilities. NOTE: The safeguards you may choose will depend on the degree of risk (likelihood) and the potential harm that the threat/vulnerability poses to you and the individuals who are the subjects of the ePHI.

Identify and respond to suspected or known security incidents; mitigate, to the extent practicable, harmful effects of security incidents that are known to the covered entity or business associate; and document security incidents and their outcomes.

[45 CFR �164.308(a)(6)(ii)]

Employs automated mechanisms and tools to assist in the tracking of security incidents and in the collection and analysis of incident information, such as malware attacks.

[NIST SP 800-53 IR-5]

Configuration

In order to be considered compliant, the operating system must currently be supported by the operating system vendor