Malicious software means software, for example, a virus or worm or Trojan horse or spyware, designed to damage or disrupt a system.

As part of the standard on Security Awareness and Training, Covered Entities must address procedures for guarding against, detecting, and reporting malicious software. The Malicious Software implementation specification is addressable, and must therefore be implemented if, after an assessment, the entity has determined that the specification is a reasonable and appropriate safeguard in its environment. If the entity decides that the addressable implementation specification is not reasonable and appropriate, it must document that determination and implement an equivalent alternative measure, presuming that the alternative is reasonable and appropriate, or if the standard can otherwise be met, the covered entity may choose to not implement the implementation specification or any equivalent alternative measure.

It is difficult to imagine any healthcare entity that for which it did not make sense to have solutions in place for:

• Anti-Virus protection
• Anti-Spyware protection
• Security patch management
• Data backup and recovery

ATG can assist with cost-effective, industry-leading best practices solutions in all these areas.

ATG's LiveVault online and recovery backup solutions, can provide secure, continuous, automatic backup solutions that provide exact, readily retrievable copies of EPHI with 100% guaranteed recovery.