HIPAA 164.308(a)(5)(ii)(B)—Protection from Malicious Software

The Health Insurance Portability and Accountability Act (HIPAA) Security Audit reports show available documentation and compliance artifacts that help you demonstrate compliance with requirements of the HIPAA Security Rule, as outlined in the HIPAA Audit Protocol.

This report provides information on guarding against, detecting, and reporting malicious software to help you demonstrate compliance with HIPAA 164.308(a)(5)(ii)(B).

To access the HIPAA 164.312(a)(5)(ii)(B) report:

  1. In the Alert Logic console, click the menu icon, and then click Validate.
  2. Click Reports, and then click Compliance.
  3. Under HIPAA Security Audit, click VIEW.
  4. Click HIPAA 164.312(a)(5)(ii)(B) - Protection from Malicious Software.

The report summary page displays two columns. HIPAA Audit Protocol lists each audit protocol inquiry for testing the selected HIPAA Security Rule requirement. Available Documentation and Artifacts describes, and contains links to, the documentation and compliance artifacts that this report can generate for each protocol.

Filter the report

To refine your findings, you can filter your report by date range and customer account.

Filter the report using drop-down menus

By default, Alert Logic includes (All) values for most filters in the report.

To add or remove filter values:

  1. Click the drop-down menu in the filter, and then select or clear values.
  2. Click Apply.

Schedule the report

After you finish setting up the report, you can use CREATE REPORT to run it periodically and subscribe users or an integration (such as a webhook) to receive a notification when the report is generated. To learn how to schedule the report and subscribe notification recipients, see Scheduled Reports and Notifications.

Available documentation and artifacts

This report provides documentation and artifacts that help you demonstrate that procedures for guarding against, detecting, and reporting malicious software are in place.

Procedures are incorporated

This HIPAA Audit Protocol requires you to demonstrate that procedures for guarding against, detecting, and reporting malicious software are incorporated in the security awareness and training program. These procedures may include, but are not limited to, the following:

  • Malicious software protection mechanism has been implemented
  • Information system protection capabilities
  • Roles and responsibilities in malicious software protection procedures
  • Steps to protect against malicious software
  • Steps to detect malicious software
  • Actions to be taken in response to malicious software detection

This section includes a link for quick access to the endpoint protection configuration in the Extended Endpoint Protection page in the Alert Logic console, where you can review the protection status, software version status, and the last time Windows and macOS endpoints checked in.

In addition, this report includes links for quick access to the endpoint protection events in the Extended Endpoint Protection page in the Alert Logic console, where you can review malware attacks detected in your environment and the actions taken in response to quarantine and override malicious files or isolate vulnerable endpoints.

Procedures in place

This HIPAA Audit Protocol requires a review of the documentation to demonstrate that procedures are in place to guard against, detect, and report malicious software.

Alert Logic does not provide data for this testing procedure. You must provide the policy and procedure documents for this audit.

Workforce members

This HIPAA Audit Protocol requires a review of the documentation of the workforce members who should be trained, and who have been trained, on the procedures to guard against, detect, and report malicious software.

Alert Logic does not provide data for these testing procedures. You must provide the policy and procedure documents for this audit.