NUMBER: 7.3.15
DATE: April 1, 2005
REVISION:
| SECTION: | INFORMATION TECHNOLOGY |
| AREA: | NETWORK SECURITY |
| SUBJECT: | MALICIOUS SOFTWARE PROTECTIONS |
SCOPE
UAMS Workforce with Access to Confidential Information, including Electronic Protected Health Information (ePHI), for any purpose.
DEFINITIONS
Confidentiality means the property that data or information is not made available or disclosed to unauthorized persons or processes.
Electronic protected health information means individually identifiable health information that is:
· Transmitted by Electronic media
· Maintained in Electronic media
Malicious code means an executable application (e.g., a Java applet or ActiveX control) designed to damage or disrupt an information system.
POLICY
A. UAMS maintains a documented process for appropriately guarding against, detecting, and reporting malicious software, particularly viruses, worms and malicious code that pose a risk.
B. UAMS workforce members are trained on and regularly reminded of malicious software, including, but not limited to:
1. How to identify malicious software
2. How to report malicious software
3. How to effectively use anti-virus software
4. How to avoid downloading or receiving malicious software
5. How to identify malicious software hoaxes
C. The process for malicious software prevention, detection and reporting includes, but is not limited to:
1. Establishment of Active Directory policies and placement of intrusion detection and firewalls.
2. Installation and updating of anti-virus software on required information systems.
3. The examination of electronic mail attachments and data downloads for malicious software before use on UAMS information systems.
4. An appropriate disaster recovery plan for recovering from malicious software attacks.
5. Procedures to limit unauthorized software installation.
D. UAMS workforce members must not bypass or disable anti-virus software unless appropriately authorized.