To use these baseline policies, Symantec ESM SU 18 or later is required for Symantec ESM 5.5 or Symantec ESM 6.0 managers and agents.
File(s)
Windows
Download Symantec Enterprise Security Manager Baseline Policy Manual for Health Insurance Portability and Accountability Act for Windows (PDF)
Download Microsoft Windows NT Server Policy Installer (EXE)
Download Microsoft Windows 2000 Professional, Server, and domain controller Policy Installer (EXE)
Download Microsoft Windows XP Policy Installer (EXE)
Download Microsoft Windows Server 2003 Policy Installer (EXE)
UNIX
Download Symantec Enterprise Security Manager Baseline Policy Manual for Health Insurance Portability and Accountability Act for UNIX (PDF)
Download AIX 4.x and 5.x Policy Installer (EXE)
Download Solaris 2.x Policy Installer (EXE)
Download Red Hat Linux 6.x and 7.x Policy Installer (EXE)
Download HP-UX 10.x and 11.x Policy Installer (EXE)
Description
The HIPAA Security and Privacy Standard defines administrative, physical, and technical safeguards to protect the confidentiality, integrity and availability of electronic protected health information (PHI). The Symantec ESM baseline policy for HIPAA assesses compliance with many of the technical and some administrative elements of the law and the standard's requirements. The policy addresses Title II, Subtitle F, Part C, section 1173, subsection (d) and 45 CFR Part 164.
About the HIPAA Security and Privacy Standard
The Health Insurance Portability and Accountability Act (HIPAA) has three major purposes:
- To protect and enhance the rights of consumers by providing them access to their health information and controlling the inappropriate use of that information
- To improve the quality of health care in the US by restoring trust in the health care system among consumers, health care professionals, and the multitude of organizations and individuals that are committed to the delivery of care
- To improve the efficiency and effectiveness of health care delivery by creating a national framework for health privacy protection that builds on efforts by states, health systems, and individual organizations and individuals
HIPAA is Public Law 104-191, enacted by the 104th Congress on August 21st, 1996. Title II of the law, "Preventing Health Care Fraud and Abuse; Administrative Simplification; Medical Liability Reform," contains Subtitle F, Part C, "Administrative Simplification." Under this part, Section 1173, "Standards for Information Transactions and Data Elements," subsection (d) describes the act's high-level security standards and safeguards. The HIPAA Security and Privacy Standard was formally published as a Final Rule in the Federal Register as 45 CFR Parts 160, 162, and 164 on February 20, 2003.
Introducing Regulatory Baseline Policies
Symantec Enterprise Security Manager regulatory policies are based on regulations and standards and are intended to ease the burden of effective security policy development. These preconfigured policies provide prepackaged Symantec security research that assesses compliance with the minimum requirements of each supported regulation or standard.
Regulatory policies are configured to target specific OS platforms. These policies use preconfigured values, name lists, templates, and word files that directly apply to the targeted platforms. Regulatory policies use the modules and templates from Symantec ESM Security Update releases to check OS patches, password settings, and other vulnerabilities and exposures on the targeted operating system. These policies may also introduce new templates and word lists to check conditions required by the supported standard or regulation.
Last modified on: Wednesday, 28-Jan-09 12:00:03