While there is no standard HIPAA certificate of compliance for online backup services, Symantec Protection
Network (SPN) enables HIPAA defined covered entities that must store &protect electronic patient data comply with HIPAA security and privacy rules by:

• Encrypting data at the point of origin, during the backup process, using 256-bit AES
  (approved by the NSA for encrypting U.S. classified data up to and
  including Top Secret).
• Encryption key is private which only the originator (not even Symantec) has access
• All information is sent through a secure 128-bit SSL tunnel to one of the
  Symantec datacenters.
• Symantec data centers and operations are SAS-70 Type II certified.  
  Additionally SPN follows an ISO 17799 / 27002 security framework and ITIL
  Service Management framework.