Video Screencast Help

DLP: PHI updates for HIPPA policy

Created: 27 Nov 2013 | 7 comments
madstan's picture

Actually two questions. First, are there any updates for the PHI values, like drug names and codes, for the HIPPA policy in DLP? Since the policy is created by a template I'm wondering how is it possible to update this information. I suspect the update is manual, but where can one obtain the PHI values to update the policy?

Second question is, I have not received any Windows update notices from their Altiris web site in quite a while. When I went to the website to check the knowledgebase, my user name and password were no longer valid. Did Symantec move this feature to another website?


Operating Systems:

Comments 7 CommentsJump to latest comment

pete_4u2002's picture

yes PHI is covered, refer the admin guide. extracted the information for you.

The HIPAA and HITECH (including PHI) policy strictly enforces the US Health Insurance Portability and Accountability Act (HIPAA). Health Information Technology for Economic and Clinical Health Act (HITECH) is the first national law that mandates breach notification for PHI.

This policy template detects data concerning prescription drugs, diseases, and treatments in combination with Protected Health Information (PHI). Organizations that are not subject to HIPAA can also use this policy to control PHI data. TPOs (Treatment, Payment, or health care Operations) are service providers

you need to import the

HIPAA and HITECH (including PHI) policy template

and the KB is on

madstan's picture

Thank you for your reply, but perhaps I wan't clear enough with my question. I have install the HIPAA policy with the health care solution pack (this is the same policy which is provided by the template). My question is, where can I find updates for drug names and drug codes? I suppose I can manually enter the new codes on the policy itself, but I still new to know the new codes and names. Is there a website or source where I can find the new names and codes? If there are templates with the new names that would be OK too, but where can I find them?

AMyers6671's picture

As a partner, we get this question as well. In subsequent updates and/or hotfixes, are these policy templates updated with current information or do they remain static?

If this post has helped you, please vote up or mark as solution to help others looking for the same data.

jjesse's picture

I've always stated they do, but never really looked into it to make sure. Now I'm interested

Jonathan Jesse Practice Principal ITS Partners

DLP Guy's picture

I'm a bit confused.  The policy says it detects:

This policy template detects data concerning prescription drugs, diseases, and treatments in combination with Protected Health Information (PHI).

But from my read of HIPAA, only PHI is required to be detected.  In the end, it's about verifying personal information is not leaked.  My impression is that drug/medical information that's not associated with an individual is free to be distributed.  So a medical record can be sanitized by removing the PHI so the rest can be used for other purposes.  What am I missing?

madstan's picture

The DLP policy for HIPAA uses (SS number AND drug name)  or (SS number and drug code) or (SS number and disease)....

I have tried posting this several times but apparently there is a filter that blocks my post becasue of the URL. At any rate, the FDA website has a page with the drug names which are updated quarterly.