CIPA, HIPPA Compliance



  • Do pfSense appliances provide CIPA, HIPPA compliance?  Thank you.



  • With my layman's understanding, CIPA and HIPPA just mean you can't share data. No firewall can stop people from sharing data. It's a business policy, not a technology thing. PFSense can help you enforce HIPPA by limiting how data moves in and out of a network, but there is no "check this box and be HIPPA compliant".

    Kind of like asking, "Is this desk HIPPA compliant". The desk is just a tool, but some tools may make certain aspects of enforcement easier.



  • @Harvy66:

    PFSense can help you enforce HIPPA by limiting how data moves in and out of a network, but there is no "check this box and be HIPPA compliant".

    That's certainly common sense, but that doesn't stop Cisco from marketing 'solutions' to the segment: http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Compliance/HIPAA/default.html

    But I doubt even cisco would label a firewall, router or switch 'HIPPA' compliant.



  • I had a quick glance at the HIPAA Security Rule and basically they want you to have a properly-configured firewall to protect electronic patient health info.  The end.