Is Symantec Online Backup HIPAA Compliant?

While there is no standard HIPAA certificate of compliance for online backup services, Symantec Protection
Network (SPN) enables HIPAA-defined covered entities that must store and protect electronic patient data to comply with HIPAA security and privacy rules by:

  • Encrypting data at the point of origin, during the backup process, using 256-bit AES
    (approved by the NSA for encrypting U.S. classified data up to and
    including Top Secret).
  • The encryption key is private; only the originator (not even Symantec) has access to it.
  • All information is sent through a secure 128-bit SSL tunnel to one of the
    Symantec datacenters.
  • Symantec data centers and operations are SAS-70 Type II certified.
    Additionally, SPN follows an ISO 17799 / 27002 security framework and ITIL
    Service Management framework.