[](https://www.paloaltonetworks.com/?ts=markdown)

* Sign In
  
  * Customer
  * Partner
  * Employee
  * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown)
  * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown)

* EN
  
  * [USA (ENGLISH)](https://www.paloaltonetworks.com)
  * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au)
  * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br)
  * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca)
  * [CHINA (简体中文)](https://www.paloaltonetworks.cn)
  * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr)
  * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de)
  * [INDIA (ENGLISH)](https://www.paloaltonetworks.in)
  * [ITALY (ITALIANO)](https://www.paloaltonetworks.it)
  * [JAPAN (日本語)](https://www.paloaltonetworks.jp)
  * [KOREA (한국어)](https://www.paloaltonetworks.co.kr)
  * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat)
  * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx)
  * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg)
  * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es)
  * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw)
  * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk)

* ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg)

* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)

* [What's New](https://www.paloaltonetworks.com/resources?ts=markdown)

* [Get Support](https://support.paloaltonetworks.com/SupportAccount/MyAccount)

* [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html)
  ![x close icon to close mobile navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-black.svg) [![Palo Alto Networks logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)](https://www.paloaltonetworks.com/?ts=markdown) ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg)

* [](https://www.paloaltonetworks.com/?ts=markdown)

* Products  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Products  
  [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)
  
  * [AI Security](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)
  
  * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)
  
  * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)
  
  * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)
  
  * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)
  
  * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)
  
  * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)
  
  * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)
  
  * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)
  
  * [Enterprise Device Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)
  
  * [Medical Device Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)
  
  * [OT Device Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown)
  
  * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)
  
  * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)
  
  * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)
  
  * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)
  
  * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)
  
  * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)
  
  * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)
  
  * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)
  
  * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)
  
  * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)
  
  * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)
  
  * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)
  
  * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)
  
  * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)
  
  * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)
  
  * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)
  
  * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)
  
  * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)  
    [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)
  
  * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)
  
  * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)
  
  * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)
  
  * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)
  
  * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)
  
  * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)
  
  * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)
  
  * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)
  
  * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)
  
  * [Cortex AgentiX](https://www.paloaltonetworks.com/cortex/agentix?ts=markdown)
  
  * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)
  
  * [Cortex Exposure Management](https://www.paloaltonetworks.com/cortex/exposure-management?ts=markdown)
  
  * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)
  
  * [Cortex Advanced Email Security](https://www.paloaltonetworks.com/cortex/advanced-email-security?ts=markdown)
  
  * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)
  
  * [Unit 42 Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* Solutions  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Solutions  
  Secure AI by Design
  
  * [Secure AI Ecosystem](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)
  * [Secure GenAI Usage](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)  
    Network Security
  * [Cloud Network Security](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)
  * [Data Center Security](https://www.paloaltonetworks.com/network-security/data-center?ts=markdown)
  * [DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)
  * [Intrusion Detection and Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)
  * [Device Security](https://www.paloaltonetworks.com/network-security/device-security?ts=markdown)
  * [OT Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown)
  * [5G Security](https://www.paloaltonetworks.com/network-security/5g-security?ts=markdown)
  * [Secure All Apps, Users and Locations](https://www.paloaltonetworks.com/sase/secure-users-data-apps-devices?ts=markdown)
  * [Secure Branch Transformation](https://www.paloaltonetworks.com/sase/secure-branch-transformation?ts=markdown)
  * [Secure Work on Any Device](https://www.paloaltonetworks.com/sase/secure-work-on-any-device?ts=markdown)
  * [VPN Replacement](https://www.paloaltonetworks.com/sase/vpn-replacement-for-secure-remote-access?ts=markdown)
  * [Web \& Phishing Security](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)  
    Cloud Security
  * [Application Security Posture Management (ASPM)](https://www.paloaltonetworks.com/cortex/cloud/application-security-posture-management?ts=markdown)
  * [Software Supply Chain Security](https://www.paloaltonetworks.com/cortex/cloud/software-supply-chain-security?ts=markdown)
  * [Code Security](https://www.paloaltonetworks.com/cortex/cloud/code-security?ts=markdown)
  * [Cloud Security Posture Management (CSPM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-security-posture-management?ts=markdown)
  * [Cloud Infrastructure Entitlement Management (CIEM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-infrastructure-entitlement-management?ts=markdown)
  * [Data Security Posture Management (DSPM)](https://www.paloaltonetworks.com/cortex/cloud/data-security-posture-management?ts=markdown)
  * [AI Security Posture Management (AI-SPM)](https://www.paloaltonetworks.com/cortex/cloud/ai-security-posture-management?ts=markdown)
  * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown)
  * [Cloud Workload Protection (CWP)](https://www.paloaltonetworks.com/cortex/cloud/cloud-workload-protection?ts=markdown)
  * [Web Application \& API Security (WAAS)](https://www.paloaltonetworks.com/cortex/cloud/web-app-api-security?ts=markdown)  
    Security Operations
  * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown)
  * [Security Information and Event Management](https://www.paloaltonetworks.com/cortex/modernize-siem?ts=markdown)
  * [Network Security Automation](https://www.paloaltonetworks.com/cortex/network-security-automation?ts=markdown)
  * [Incident Case Management](https://www.paloaltonetworks.com/cortex/incident-case-management?ts=markdown)
  * [SOC Automation](https://www.paloaltonetworks.com/cortex/security-operations-automation?ts=markdown)
  * [Threat Intel Management](https://www.paloaltonetworks.com/cortex/threat-intel-management?ts=markdown)
  * [Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)
  * [Attack Surface Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management?ts=markdown)
  * [Compliance Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/compliance-management?ts=markdown)
  * [Internet Operations Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/internet-operations-management?ts=markdown)
  * [Extended Data Lake (XDL)](https://www.paloaltonetworks.com/cortex/cortex-xdl?ts=markdown)
  * [Agentic Assistant](https://www.paloaltonetworks.com/cortex/cortex-agentic-assistant?ts=markdown)  
    Endpoint Security
  * [Endpoint Protection](https://www.paloaltonetworks.com/cortex/endpoint-protection?ts=markdown)
  * [Extended Detection \& Response](https://www.paloaltonetworks.com/cortex/detection-and-response?ts=markdown)
  * [Ransomware Protection](https://www.paloaltonetworks.com/cortex/ransomware-protection?ts=markdown)
  * [Digital Forensics](https://www.paloaltonetworks.com/cortex/digital-forensics?ts=markdown)  
    [Industries](https://www.paloaltonetworks.com/industry?ts=markdown)
  * [Public Sector](https://www.paloaltonetworks.com/industry/public-sector?ts=markdown)
  * [Financial Services](https://www.paloaltonetworks.com/industry/financial-services?ts=markdown)
  * [Manufacturing](https://www.paloaltonetworks.com/industry/manufacturing?ts=markdown)
  * [Healthcare](https://www.paloaltonetworks.com/industry/healthcare?ts=markdown)
  * [Small \& Medium Business Solutions](https://www.paloaltonetworks.com/industry/small-medium-business-portfolio?ts=markdown)

* Services  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Services  
  [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)
  
  * [Assess](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)
  
  * [AI Security Assessment](https://www.paloaltonetworks.com/unit42/assess/ai-security-assessment?ts=markdown)
  
  * [Attack Surface Assessment](https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment?ts=markdown)
  
  * [Breach Readiness Review](https://www.paloaltonetworks.com/unit42/assess/breach-readiness-review?ts=markdown)
  
  * [BEC Readiness Assessment](https://www.paloaltonetworks.com/bec-readiness-assessment?ts=markdown)
  
  * [Cloud Security Assessment](https://www.paloaltonetworks.com/unit42/assess/cloud-security-assessment?ts=markdown)
  
  * [Compromise Assessment](https://www.paloaltonetworks.com/unit42/assess/compromise-assessment?ts=markdown)
  
  * [Cyber Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/cyber-risk-assessment?ts=markdown)
  
  * [M\&A Cyber Due Diligence](https://www.paloaltonetworks.com/unit42/assess/mergers-acquisitions-cyber-due-diligence?ts=markdown)
  
  * [Penetration Testing](https://www.paloaltonetworks.com/unit42/assess/penetration-testing?ts=markdown)
  
  * [Purple Team Exercises](https://www.paloaltonetworks.com/unit42/assess/purple-teaming?ts=markdown)
  
  * [Ransomware Readiness Assessment](https://www.paloaltonetworks.com/unit42/assess/ransomware-readiness-assessment?ts=markdown)
  
  * [SOC Assessment](https://www.paloaltonetworks.com/unit42/assess/soc-assessment?ts=markdown)
  
  * [Supply Chain Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/supply-chain-risk-assessment?ts=markdown)
  
  * [Tabletop Exercises](https://www.paloaltonetworks.com/unit42/assess/tabletop-exercise?ts=markdown)
  
  * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown)
  
  * [Respond](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)
  
  * [Cloud Incident Response](https://www.paloaltonetworks.com/unit42/respond/cloud-incident-response?ts=markdown)
  
  * [Digital Forensics](https://www.paloaltonetworks.com/unit42/respond/digital-forensics?ts=markdown)
  
  * [Incident Response](https://www.paloaltonetworks.com/unit42/respond/incident-response?ts=markdown)
  
  * [Managed Detection and Response](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response?ts=markdown)
  
  * [Managed Threat Hunting](https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting?ts=markdown)
  
  * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)
  
  * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown)
  
  * [Transform](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)
  
  * [IR Plan Development and Review](https://www.paloaltonetworks.com/unit42/transform/incident-response-plan-development-review?ts=markdown)
  
  * [Security Program Design](https://www.paloaltonetworks.com/unit42/transform/security-program-design?ts=markdown)
  
  * [Virtual CISO](https://www.paloaltonetworks.com/unit42/transform/vciso?ts=markdown)
  
  * [Zero Trust Advisory](https://www.paloaltonetworks.com/unit42/transform/zero-trust-advisory?ts=markdown)  
    [Global Customer Services](https://www.paloaltonetworks.com/services?ts=markdown)
  
  * [Education \& Training](https://www.paloaltonetworks.com/services/education?ts=markdown)
  
  * [Professional Services](https://www.paloaltonetworks.com/services/consulting?ts=markdown)
  
  * [Success Tools](https://www.paloaltonetworks.com/services/customer-success-tools?ts=markdown)
  
  * [Support Services](https://www.paloaltonetworks.com/services/solution-assurance?ts=markdown)
  
  * [Customer Success](https://www.paloaltonetworks.com/services/customer-success?ts=markdown)  
    [![](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-unit-42.svg)  
    UNIT 42 RETAINER
    Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial.
    Learn more](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown)

* Partners  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Partners  
  NextWave Partners
  
  * [NextWave Partner Community](https://www.paloaltonetworks.com/partners?ts=markdown)
  * [Cloud Service Providers](https://www.paloaltonetworks.com/partners/nextwave-for-csp?ts=markdown)
  * [Global Systems Integrators](https://www.paloaltonetworks.com/partners/nextwave-for-gsi?ts=markdown)
  * [Technology Partners](https://www.paloaltonetworks.com/partners/technology-partners?ts=markdown)
  * [Service Providers](https://www.paloaltonetworks.com/partners/service-providers?ts=markdown)
  * [Solution Providers](https://www.paloaltonetworks.com/partners/nextwave-solution-providers?ts=markdown)
  * [Managed Security Service Providers](https://www.paloaltonetworks.com/partners/managed-security-service-providers?ts=markdown)
  * [XMDR Partners](https://www.paloaltonetworks.com/partners/managed-security-service-providers/xmdr?ts=markdown)  
    Take Action
  * [Portal Login](https://www.paloaltonetworks.com/partners/nextwave-partner-portal?ts=markdown)
  * [Managed Services Program](https://www.paloaltonetworks.com/partners/managed-security-services-provider-program?ts=markdown)
  * [Become a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=becomepartner)
  * [Request Access](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=requestaccess)
  * [Find a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerlocator)  
    [CYBERFORCE
    CYBERFORCE represents the top 1% of partner engineers trusted for their security expertise.
    Learn more](https://www.paloaltonetworks.com/cyberforce?ts=markdown)

* Company  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Company  
  Palo Alto Networks
  
  * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
  * [Management Team](https://www.paloaltonetworks.com/about-us/management?ts=markdown)
  * [Investor Relations](https://investors.paloaltonetworks.com)
  * [Locations](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
  * [Ethics \& Compliance](https://www.paloaltonetworks.com/company/ethics-and-compliance?ts=markdown)
  * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
  * [Military \& Veterans](https://jobs.paloaltonetworks.com/military)  
    [Why Palo Alto Networks?](https://www.paloaltonetworks.com/why-paloaltonetworks?ts=markdown)
  * [Precision AI Security](https://www.paloaltonetworks.com/precision-ai-security?ts=markdown)
  * [Our Platform Approach](https://www.paloaltonetworks.com/why-paloaltonetworks/platformization?ts=markdown)
  * [Accelerate Your Cybersecurity Transformation](https://www.paloaltonetworks.com/why-paloaltonetworks/nam-cxo-portfolio?ts=markdown)
  * [Awards \& Recognition](https://www.paloaltonetworks.com/about-us/awards?ts=markdown)
  * [Customer Stories](https://www.paloaltonetworks.com/customers?ts=markdown)
  * [Global Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
  * [Trust 360 Program](https://www.paloaltonetworks.com/resources/whitepapers/trust-360?ts=markdown)  
    Careers
  * [Overview](https://jobs.paloaltonetworks.com/)
  * [Culture \& Benefits](https://jobs.paloaltonetworks.com/en/culture/)  
    [A Newsweek Most Loved Workplace
    "Businesses that do right by their employees"
    Read more](https://www.paloaltonetworks.com/company/press/2021/palo-alto-networks-secures-top-ranking-on-newsweek-s-most-loved-workplaces-list-for-2021?ts=markdown)

* More  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) More  
  Resources
  
  * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
  * [Unit 42 Threat Research](https://unit42.paloaltonetworks.com/)
  * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
  * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
  * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
  * [Tech Insider](https://techinsider.paloaltonetworks.com/)
  * [Knowledge Base](https://knowledgebase.paloaltonetworks.com/)
  * [Palo Alto Networks TV](https://tv.paloaltonetworks.com/)
  * [Perspectives of Leaders](https://www.paloaltonetworks.com/perspectives/?ts=markdown)
  * [Cyber Perspectives Magazine](https://www.paloaltonetworks.com/cybersecurity-perspectives/cyber-perspectives-magazine?ts=markdown)
  * [Regional Cloud Locations](https://www.paloaltonetworks.com/products/regional-cloud-locations?ts=markdown)
  * [Tech Docs](https://docs.paloaltonetworks.com/)
  * [Security Posture Assessment](https://www.paloaltonetworks.com/security-posture-assessment?ts=markdown)
  * [Threat Vector Podcast](https://unit42.paloaltonetworks.com/unit-42-threat-vector-podcast/)
  * [Packet Pushers Podcasts](https://www.paloaltonetworks.com/podcasts/packet-pusher?ts=markdown)  
    Connect
  * [LIVE community](https://live.paloaltonetworks.com/)
  * [Events](https://events.paloaltonetworks.com/)
  * [Executive Briefing Center](https://www.paloaltonetworks.com/about-us/executive-briefing-program?ts=markdown)
  * [Demos](https://www.paloaltonetworks.com/demos?ts=markdown)
  * [Contact us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)  
    [Blog
    Stay up-to-date on industry trends and the latest innovations from the world's largest cybersecurity
    Learn more](https://www.paloaltonetworks.com/blog/)

* Sign In  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Sign In
  
  * Customer
  * Partner
  * Employee
  * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown)
  * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown)

* EN  
  ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Language
  
  * [USA (ENGLISH)](https://www.paloaltonetworks.com)
  * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au)
  * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br)
  * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca)
  * [CHINA (简体中文)](https://www.paloaltonetworks.cn)
  * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr)
  * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de)
  * [INDIA (ENGLISH)](https://www.paloaltonetworks.in)
  * [ITALY (ITALIANO)](https://www.paloaltonetworks.it)
  * [JAPAN (日本語)](https://www.paloaltonetworks.jp)
  * [KOREA (한국어)](https://www.paloaltonetworks.co.kr)
  * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat)
  * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx)
  * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg)
  * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es)
  * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw)
  * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk)

* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)

* [What's New](https://www.paloaltonetworks.com/resources?ts=markdown)

* [Get support](https://support.paloaltonetworks.com/SupportAccount/MyAccount)

* [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html)

* [Demos and Trials](https://www.paloaltonetworks.com/get-started?ts=markdown)  
  Search  
  All

* [Tech Docs](https://docs.paloaltonetworks.com/search)  
  Close search modal
  [Deploy Bravely --- Secure your AI transformation with Prisma AIRS](https://www.deploybravely.com)  
  [](https://www.paloaltonetworks.com/?ts=markdown)

1. [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
2. [Cloud Security](https://www.paloaltonetworks.com/cyberpedia/cloud-security?ts=markdown)
3. [Data Compliance](https://www.paloaltonetworks.com/cyberpedia/cybersecurity-compliance-and-regulations?ts=markdown)
4. [What Is HIPAA?](https://www.paloaltonetworks.com/cyberpedia/what-is-hipaa?ts=markdown)  
   Table of Contents

* [What Is Cybersecurity Compliance?](https://www.paloaltonetworks.com/cyberpedia/cybersecurity-compliance-and-regulations?ts=markdown)
  * [Three Pillars of Cybersecurity Compliance](https://www.paloaltonetworks.com/cyberpedia/cybersecurity-compliance-and-regulations#pillars?ts=markdown)
  * [Understanding Cybersecurity Compliance](https://www.paloaltonetworks.com/cyberpedia/cybersecurity-compliance-and-regulations#understanding?ts=markdown)
  * [Key Security Compliance Frameworks and Regulations](https://www.paloaltonetworks.com/cyberpedia/cybersecurity-compliance-and-regulations#key?ts=markdown)
  * [Building an Effective Cybersecurity Compliance Program](https://www.paloaltonetworks.com/cyberpedia/cybersecurity-compliance-and-regulations#building?ts=markdown)
  * [The Future of Cybersecurity Compliance: AI and Emerging Trends](https://www.paloaltonetworks.com/cyberpedia/cybersecurity-compliance-and-regulations#future?ts=markdown)
  * [Cybersecurity Compliance FAQs](https://www.paloaltonetworks.com/cyberpedia/cybersecurity-compliance-and-regulations#faqs?ts=markdown)
* [What Is Healthcare Cybersecurity?](https://www.paloaltonetworks.com/cyberpedia/what-is-healthcare-cybersecurity?ts=markdown)
  * [Why Is Cybersecurity Important to Healthcare](https://www.paloaltonetworks.com/cyberpedia/what-is-healthcare-cybersecurity#important?ts=markdown)
  * [Elements of Healthcare Cybersecurity](https://www.paloaltonetworks.com/cyberpedia/what-is-healthcare-cybersecurity#elements?ts=markdown)
  * [HIPAA Security Rule](https://www.paloaltonetworks.com/cyberpedia/what-is-healthcare-cybersecurity#security?ts=markdown)
  * [Healthcare Data Breaches](https://www.paloaltonetworks.com/cyberpedia/what-is-healthcare-cybersecurity#breaches?ts=markdown)
  * [Healthcare Business Continuity](https://www.paloaltonetworks.com/cyberpedia/what-is-healthcare-cybersecurity#business?ts=markdown)
  * [Protected Healthcare Information](https://www.paloaltonetworks.com/cyberpedia/what-is-healthcare-cybersecurity#healthcare?ts=markdown)
  * [Key Challenges in Healthcare Cybersecurity](https://www.paloaltonetworks.com/cyberpedia/what-is-healthcare-cybersecurity#challenges?ts=markdown)
  * [Healthcare Cybersecurity Strategies and Solutions](https://www.paloaltonetworks.com/cyberpedia/what-is-healthcare-cybersecurity#strategies?ts=markdown)
  * [The Future of Healthcare Cybersecurity](https://www.paloaltonetworks.com/cyberpedia/what-is-healthcare-cybersecurity#future?ts=markdown)
  * [Healthcare Cybersecurity FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-healthcare-cybersecurity#faqs?ts=markdown)
* [What Is GDPR Compliance?](https://www.paloaltonetworks.com/cyberpedia/gdpr-compliance?ts=markdown)
  * [What Is GDPR?](https://www.paloaltonetworks.com/cyberpedia/gdpr-compliance#what?ts=markdown)
  * [GDPR \& Data Sovereignty](https://www.paloaltonetworks.com/cyberpedia/gdpr-compliance#sovereignty?ts=markdown)
  * [Key Principles of the GDPR](https://www.paloaltonetworks.com/cyberpedia/gdpr-compliance#key?ts=markdown)
  * [GDPR Requirements](https://www.paloaltonetworks.com/cyberpedia/gdpr-compliance#gdpr?ts=markdown)
  * [GDPR FAQs](https://www.paloaltonetworks.com/cyberpedia/gdpr-compliance#faqs?ts=markdown)
* [What Is Personal Data?](https://www.paloaltonetworks.com/cyberpedia/personal-data?ts=markdown)
  * [Personal Data Explained](https://www.paloaltonetworks.com/cyberpedia/personal-data#personal?ts=markdown)
  * [Personal Data Across Various Legislations](https://www.paloaltonetworks.com/cyberpedia/personal-data#data?ts=markdown)
  * [Understanding Identifiability](https://www.paloaltonetworks.com/cyberpedia/personal-data#understanding?ts=markdown)
  * [Important Factors When Determining Personal Data](https://www.paloaltonetworks.com/cyberpedia/personal-data#important?ts=markdown)
  * [How Is Understanding Personal Data Beneficial?](https://www.paloaltonetworks.com/cyberpedia/personal-data#how?ts=markdown)
  * [Personal Data Security Tools](https://www.paloaltonetworks.com/cyberpedia/personal-data#tools?ts=markdown)
  * [Personal Data FAQs](https://www.paloaltonetworks.com/cyberpedia/personal-data#faqs?ts=markdown)
* What Is HIPAA?
  * [Is Your Organization HIPAA Compliant?](https://www.paloaltonetworks.com/cyberpedia/what-is-hipaa#compliant?ts=markdown)
  * [Understanding HIPAA](https://www.paloaltonetworks.com/cyberpedia/what-is-hipaa#understanding?ts=markdown)
  * [What Is Protected Health Information (PHI)?](https://www.paloaltonetworks.com/cyberpedia/what-is-hipaa#protected?ts=markdown)
  * [HIPAA: Breach Notification](https://www.paloaltonetworks.com/cyberpedia/what-is-hipaa#breach?ts=markdown)
  * [HIPAA Privacy Rule: The Standard of Minimum Necessary](https://www.paloaltonetworks.com/cyberpedia/what-is-hipaa#privacy?ts=markdown)
  * [The Security Rule: Safeguarding Electronic Protected Health Information](https://www.paloaltonetworks.com/cyberpedia/what-is-hipaa#security?ts=markdown)
  * [OCR Audit Protocol](https://www.paloaltonetworks.com/cyberpedia/what-is-hipaa#ocr?ts=markdown)
  * [HIPAA for Big Tech and Startups](https://www.paloaltonetworks.com/cyberpedia/what-is-hipaa#big-tech?ts=markdown)
  * [HIPAA Compliance Tips for DevOps and AppSec Practitioners](https://www.paloaltonetworks.com/cyberpedia/what-is-hipaa#devops?ts=markdown)
  * [HIPAA FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-hipaa#faqs?ts=markdown)
* [What Is Sensitive Data?](https://www.paloaltonetworks.com/cyberpedia/sensitive-data?ts=markdown)
  * [Sensitive Data Explained](https://www.paloaltonetworks.com/cyberpedia/sensitive-data#sensitive?ts=markdown)
  * [Understanding the Types of Sensitive Data](https://www.paloaltonetworks.com/cyberpedia/sensitive-data#understanding?ts=markdown)
  * [Navigating the Landscape of Data Privacy Regulations](https://www.paloaltonetworks.com/cyberpedia/sensitive-data#navigating?ts=markdown)
  * [Sensitive Data Protection: Best Practices](https://www.paloaltonetworks.com/cyberpedia/sensitive-data#best-practices?ts=markdown)
  * [Sensitive Data FAQs](https://www.paloaltonetworks.com/cyberpedia/sensitive-data#faqs?ts=markdown)
* [What Is SOC 2 Compliance?](https://www.paloaltonetworks.com/cyberpedia/soc-2?ts=markdown)
  * [SOC 2 Explained](https://www.paloaltonetworks.com/cyberpedia/soc-2#soc?ts=markdown)
  * [Why SOC 2 Compliance Is Important](https://www.paloaltonetworks.com/cyberpedia/soc-2#why?ts=markdown)
  * [SOC 2 Requirements](https://www.paloaltonetworks.com/cyberpedia/soc-2#requirements?ts=markdown)
  * [Who Can Perform a SOC Audit?](https://www.paloaltonetworks.com/cyberpedia/soc-2#who?ts=markdown)
  * [SOC 2 Audit Checklist](https://www.paloaltonetworks.com/cyberpedia/soc-2#checklist?ts=markdown)
  * [SOC 1 Vs. SOC 2](https://www.paloaltonetworks.com/cyberpedia/soc-2#vs?ts=markdown)
  * [SOC 2 FAQs](https://www.paloaltonetworks.com/cyberpedia/soc-2#faqs?ts=markdown)
* [What Is Healthcare Business Continuity?](https://www.paloaltonetworks.com/cyberpedia/business-continuity-for-healthcare?ts=markdown)
  * [Why Is Business Continuity Important to Healthcare?](https://www.paloaltonetworks.com/cyberpedia/business-continuity-for-healthcare#important?ts=markdown)
  * [Potential Disruptions to Healthcare Organizations' Continuity](https://www.paloaltonetworks.com/cyberpedia/business-continuity-for-healthcare#potential?ts=markdown)
  * [The Growing Threat of Ransomware in Healthcare](https://www.paloaltonetworks.com/cyberpedia/business-continuity-for-healthcare#ransomware?ts=markdown)
  * [Why Healthcare Is a Prime Target for Cyberattacks](https://www.paloaltonetworks.com/cyberpedia/business-continuity-for-healthcare#target?ts=markdown)
  * [How Healthcare Business Continuity Directly Impacts Lives](https://www.paloaltonetworks.com/cyberpedia/business-continuity-for-healthcare#healthcare?ts=markdown)
  * [Costs of Downtime in the Healthcare Sector](https://www.paloaltonetworks.com/cyberpedia/business-continuity-for-healthcare#costs?ts=markdown)
  * [How to Ensure Business Continuity in Healthcare](https://www.paloaltonetworks.com/cyberpedia/business-continuity-for-healthcare#business?ts=markdown)
  * [Benefits of Business Continuity Planning](https://www.paloaltonetworks.com/cyberpedia/business-continuity-for-healthcare#planning?ts=markdown)
  * [Healthcare Business Continuity FAQs](https://www.paloaltonetworks.com/cyberpedia/business-continuity-for-healthcare#faqs?ts=markdown)
* [What Are HIPAA Security Rules?](https://www.paloaltonetworks.com/cyberpedia/hipaa-security-rules?ts=markdown)
  * [Why Is the HIPAA Security Rule Important?](https://www.paloaltonetworks.com/cyberpedia/hipaa-security-rules#why?ts=markdown)
  * [Overview of the HIPAA Security Rule](https://www.paloaltonetworks.com/cyberpedia/hipaa-security-rules#overview?ts=markdown)
  * [HIPAA Security Rule Requirements](https://www.paloaltonetworks.com/cyberpedia/hipaa-security-rules#requirements?ts=markdown)
  * [The HIPAA Breach Notification Rule](https://www.paloaltonetworks.com/cyberpedia/hipaa-security-rules#breach-notification-rule?ts=markdown)
  * [HIPAA Compliance and Enforcement](https://www.paloaltonetworks.com/cyberpedia/hipaa-security-rules#compliance-and-enforcement?ts=markdown)
  * [Best Practices for HIPAA Compliance](https://www.paloaltonetworks.com/cyberpedia/hipaa-security-rules#best-practices?ts=markdown)
  * [Potential Trends in HIPAA Security Rule](https://www.paloaltonetworks.com/cyberpedia/hipaa-security-rules#trends?ts=markdown)
  * [HIPAA Security Rule FAQs](https://www.paloaltonetworks.com/cyberpedia/hipaa-security-rules#faq?ts=markdown)
* [What Is Protected Health Information (PHI)?](https://www.paloaltonetworks.com/cyberpedia/protected-health-information-phi?ts=markdown)
  * [Why Is Protected Health Information (PHI) Important?](https://www.paloaltonetworks.com/cyberpedia/protected-health-information-phi#important?ts=markdown)
  * [Examples of Protected Health Information](https://www.paloaltonetworks.com/cyberpedia/protected-health-information-phi#protected?ts=markdown)
  * [What Is ePHI?](https://www.paloaltonetworks.com/cyberpedia/protected-health-information-phi#ephi?ts=markdown)
  * [Securing Protected Health Information](https://www.paloaltonetworks.com/cyberpedia/protected-health-information-phi#securing?ts=markdown)
  * [What Is a PHI Breach?](https://www.paloaltonetworks.com/cyberpedia/protected-health-information-phi#breach?ts=markdown)
  * [Evolving Landscape: Emerging Technologies and PHI Security](https://www.paloaltonetworks.com/cyberpedia/protected-health-information-phi#landscape?ts=markdown)
  * [Protected Health Information (PHI) FAQs](https://www.paloaltonetworks.com/cyberpedia/protected-health-information-phi#faqs?ts=markdown)
* [What Is the California Consumer Privacy Act (CCPA)?](https://www.paloaltonetworks.com/cyberpedia/ccpa?ts=markdown)
  * [California Consumer Privacy Act (CCPA) Explained](https://www.paloaltonetworks.com/cyberpedia/ccpa#ccpa?ts=markdown)
  * [How Does the CCPA Define Personal Information?](https://www.paloaltonetworks.com/cyberpedia/ccpa#how?ts=markdown)
  * [CCPA Vs. GDPR](https://www.paloaltonetworks.com/cyberpedia/ccpa#compare?ts=markdown)
  * [Container Firewall FAQs](https://www.paloaltonetworks.com/cyberpedia/ccpa#faq?ts=markdown)
* [An Overview of FedRAMP and Why You Should Care About It](https://www.paloaltonetworks.com/cyberpedia/fedramp-overview?ts=markdown)
  * [Advantages of FedRAMP for Federal Agencies](https://www.paloaltonetworks.com/cyberpedia/fedramp-overview#advantages?ts=markdown)
  * [Other Parties That May Be Interested in FedRAMP](https://www.paloaltonetworks.com/cyberpedia/fedramp-overview#other?ts=markdown)
  * [More Information](https://www.paloaltonetworks.com/cyberpedia/fedramp-overview#more?ts=markdown)
* [What Is Data Governance?](https://www.paloaltonetworks.com/cyberpedia/data-governance?ts=markdown)
  * [Data Governance Explained](https://www.paloaltonetworks.com/cyberpedia/data-governance#data?ts=markdown)
  * [Why Data Governance Matters](https://www.paloaltonetworks.com/cyberpedia/data-governance#why?ts=markdown)
  * [The Benefits of Data Governance](https://www.paloaltonetworks.com/cyberpedia/data-governance#benefits?ts=markdown)
  * [Enterprise Data Governance Challenges](https://www.paloaltonetworks.com/cyberpedia/data-governance#enterprise?ts=markdown)
  * [Cloud Data Governance Challenges](https://www.paloaltonetworks.com/cyberpedia/data-governance#cloud?ts=markdown)
  * [Data Governance Strategy](https://www.paloaltonetworks.com/cyberpedia/data-governance#data-governance?ts=markdown)
  * [Building a Strong Data Governance Framework](https://www.paloaltonetworks.com/cyberpedia/data-governance#building?ts=markdown)
  * [Data Governance Best Practices: Tips and Strategies](https://www.paloaltonetworks.com/cyberpedia/data-governance#best-practices?ts=markdown)
  * [Securing Data Access: The Importance of Data Access Governance](https://www.paloaltonetworks.com/cyberpedia/data-governance#securing?ts=markdown)
  * [Unlock the Full Potential of Your Data with Comprehensive Data Governance Capabilities](https://www.paloaltonetworks.com/cyberpedia/data-governance#unlock?ts=markdown)
  * [Data Governance FAQs](https://www.paloaltonetworks.com/cyberpedia/data-governance#faqs?ts=markdown)
* [What is the Difference between FISMA and FedRAMP?](https://www.paloaltonetworks.com/cyberpedia/difference-between-fisma-and-fedramp?ts=markdown)
* [Simplified Healthcare Compliance and Risk Management with Prisma Cloud](https://www.paloaltonetworks.com/cyberpedia/simplified-healthcare-compliance-and-risk-management-with-prisma-cloud?ts=markdown)
* [What Is Data Privacy?](https://www.paloaltonetworks.com/cyberpedia/data-privacy?ts=markdown)
  * [Data Privacy Explained](https://www.paloaltonetworks.com/cyberpedia/data-privacy#data?ts=markdown)
  * [Why Is Data Privacy Crucial for Businesses and Consumers?](https://www.paloaltonetworks.com/cyberpedia/data-privacy#why?ts=markdown)
  * [What Are the Use Cases for Data Privacy?](https://www.paloaltonetworks.com/cyberpedia/data-privacy#what?ts=markdown)
  * [‍Data Privacy FAQs](https://www.paloaltonetworks.com/cyberpedia/data-privacy#faqs?ts=markdown)
* [How to Maintain AWS Compliance](https://www.paloaltonetworks.com/cyberpedia/how-to-maintain-aws-compliance?ts=markdown)
* [What Is Data Compliance?](https://www.paloaltonetworks.com/cyberpedia/data-compliance?ts=markdown)
  * [Data Compliance Explained](https://www.paloaltonetworks.com/cyberpedia/data-compliance#data?ts=markdown)
  * [Why Is Data Compliance Important?](https://www.paloaltonetworks.com/cyberpedia/data-compliance#why?ts=markdown)
  * [Cloud Challenges Data Compliance](https://www.paloaltonetworks.com/cyberpedia/data-compliance#cloud?ts=markdown)
  * [Data Compliance Varies Across Industries](https://www.paloaltonetworks.com/cyberpedia/data-compliance#varies?ts=markdown)
  * [Meeting Data Compliance Standards](https://www.paloaltonetworks.com/cyberpedia/data-compliance#meeting?ts=markdown)
  * [Data Compliance FAQs](https://www.paloaltonetworks.com/cyberpedia/data-compliance#faqs?ts=markdown)
* [What Is NIST?](https://www.paloaltonetworks.com/cyberpedia/nist?ts=markdown)
  * [NIST Explained](https://www.paloaltonetworks.com/cyberpedia/nist#nist?ts=markdown)
  * [The NIST Secure Software Development Framework (SSDF)](https://www.paloaltonetworks.com/cyberpedia/nist#the?ts=markdown)
  * [What Do Nist Guidelines Cover?](https://www.paloaltonetworks.com/cyberpedia/nist#what?ts=markdown)
  * [CSF Vs. SSDF](https://www.paloaltonetworks.com/cyberpedia/nist#vs?ts=markdown)
  * [‍NIST FAQs](https://www.paloaltonetworks.com/cyberpedia/nist#faqs?ts=markdown)
* [What Is Data Privacy Compliance?](https://www.paloaltonetworks.com/cyberpedia/data-privacy-compliance?ts=markdown)
  * [Database Security in Public Clouds](https://www.paloaltonetworks.com/cyberpedia/data-privacy-compliance#database?ts=markdown)
  * [Elements of Database Security](https://www.paloaltonetworks.com/cyberpedia/data-privacy-compliance#elements?ts=markdown)
  * [Database Security: 8 Best Practices](https://www.paloaltonetworks.com/cyberpedia/data-privacy-compliance#security?ts=markdown)
  * [Database Security FAQs](https://www.paloaltonetworks.com/cyberpedia/data-privacy-compliance#faqs?ts=markdown)
* [How The Next-Generation Security Platform Contributes to GDPR Compliance](https://www.paloaltonetworks.com/cyberpedia/how-the-next-generation-security-platform-contributes-to-gdpr-compliance?ts=markdown)
  * [Data Breach Prevention](https://www.paloaltonetworks.com/cyberpedia/how-the-next-generation-security-platform-contributes-to-gdpr-compliance#data?ts=markdown)
  * [Managing Security Processes Centrally](https://www.paloaltonetworks.com/cyberpedia/how-the-next-generation-security-platform-contributes-to-gdpr-compliance#managing?ts=markdown)
  * [Preventing Data Exfiltration or Leakage](https://www.paloaltonetworks.com/cyberpedia/how-the-next-generation-security-platform-contributes-to-gdpr-compliance#preventing?ts=markdown)
  * [Data Breach Notification](https://www.paloaltonetworks.com/cyberpedia/how-the-next-generation-security-platform-contributes-to-gdpr-compliance#breach?ts=markdown)
* [What Is PCI DSS?](https://www.paloaltonetworks.com/cyberpedia/pci-dss?ts=markdown)
  * [PCI DSS Explained](https://www.paloaltonetworks.com/cyberpedia/pci-dss#pci?ts=markdown)
  * [Why PCI DSS Compliance Is Important](https://www.paloaltonetworks.com/cyberpedia/pci-dss#why?ts=markdown)
  * [PCI DSS Requirements](https://www.paloaltonetworks.com/cyberpedia/pci-dss#dss?ts=markdown)
  * [Technical Best Practices for PCI DSS Compliance](https://www.paloaltonetworks.com/cyberpedia/pci-dss#technical?ts=markdown)
  * [Preparing for a PCI DSS Assessment](https://www.paloaltonetworks.com/cyberpedia/pci-dss#preparing?ts=markdown)
  * [PCI DSS FAQs](https://www.paloaltonetworks.com/cyberpedia/pci-dss#faqs?ts=markdown)
* [What Is PII?](https://www.paloaltonetworks.com/cyberpedia/pii?ts=markdown)
  * [Personally Identifiable Information (PII) Explained](https://www.paloaltonetworks.com/cyberpedia/pii#personally?ts=markdown)
  * [Why Is PII Important?](https://www.paloaltonetworks.com/cyberpedia/pii#why?ts=markdown)
  * [PII Worldwide](https://www.paloaltonetworks.com/cyberpedia/pii#pii?ts=markdown)
  * [Personal Data Vs. PII](https://www.paloaltonetworks.com/cyberpedia/pii#vs?ts=markdown)
  * [PHI Vs. PII](https://www.paloaltonetworks.com/cyberpedia/pii#phi?ts=markdown)
  * [PII Security Best Practices](https://www.paloaltonetworks.com/cyberpedia/pii#best?ts=markdown)
* [PII FAQs](https://www.paloaltonetworks.com/cyberpedia/pii#faqs?ts=markdown)

# What Is HIPAA?

5 min. read  
Table of Contents

* * [Is Your Organization HIPAA Compliant?](https://www.paloaltonetworks.com/cyberpedia/what-is-hipaa#compliant?ts=markdown)
  * [Understanding HIPAA](https://www.paloaltonetworks.com/cyberpedia/what-is-hipaa#understanding?ts=markdown)
  * [What Is Protected Health Information (PHI)?](https://www.paloaltonetworks.com/cyberpedia/what-is-hipaa#protected?ts=markdown)
  * [HIPAA: Breach Notification](https://www.paloaltonetworks.com/cyberpedia/what-is-hipaa#breach?ts=markdown)
  * [HIPAA Privacy Rule: The Standard of Minimum Necessary](https://www.paloaltonetworks.com/cyberpedia/what-is-hipaa#privacy?ts=markdown)
  * [The Security Rule: Safeguarding Electronic Protected Health Information](https://www.paloaltonetworks.com/cyberpedia/what-is-hipaa#security?ts=markdown)
  * [OCR Audit Protocol](https://www.paloaltonetworks.com/cyberpedia/what-is-hipaa#ocr?ts=markdown)
  * [HIPAA for Big Tech and Startups](https://www.paloaltonetworks.com/cyberpedia/what-is-hipaa#big-tech?ts=markdown)
  * [HIPAA Compliance Tips for DevOps and AppSec Practitioners](https://www.paloaltonetworks.com/cyberpedia/what-is-hipaa#devops?ts=markdown)
* [HIPAA FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-hipaa#faqs?ts=markdown)

1. Is Your Organization HIPAA Compliant?

* * [Is Your Organization HIPAA Compliant?](https://www.paloaltonetworks.com/cyberpedia/what-is-hipaa#compliant?ts=markdown)
  * [Understanding HIPAA](https://www.paloaltonetworks.com/cyberpedia/what-is-hipaa#understanding?ts=markdown)
  * [What Is Protected Health Information (PHI)?](https://www.paloaltonetworks.com/cyberpedia/what-is-hipaa#protected?ts=markdown)
  * [HIPAA: Breach Notification](https://www.paloaltonetworks.com/cyberpedia/what-is-hipaa#breach?ts=markdown)
  * [HIPAA Privacy Rule: The Standard of Minimum Necessary](https://www.paloaltonetworks.com/cyberpedia/what-is-hipaa#privacy?ts=markdown)
  * [The Security Rule: Safeguarding Electronic Protected Health Information](https://www.paloaltonetworks.com/cyberpedia/what-is-hipaa#security?ts=markdown)
  * [OCR Audit Protocol](https://www.paloaltonetworks.com/cyberpedia/what-is-hipaa#ocr?ts=markdown)
  * [HIPAA for Big Tech and Startups](https://www.paloaltonetworks.com/cyberpedia/what-is-hipaa#big-tech?ts=markdown)
  * [HIPAA Compliance Tips for DevOps and AppSec Practitioners](https://www.paloaltonetworks.com/cyberpedia/what-is-hipaa#devops?ts=markdown)
* [HIPAA FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-hipaa#faqs?ts=markdown)

The Health Insurance Portability and Accountability Act (HIPAA) is a US federal law enacted to safeguard sensitive patient health information (PHI). It sets standards for handling, storing, and transmitting PHI to ensure the privacy and security of medical records. HIPAA comprises two key rules: the Privacy Rule and the Security Rule.

The Privacy Rule establishes standards for protecting PHI, regulating how covered entities and their business associates use and disclose PHI. The Security Rule outlines the administrative, physical, and technical safeguards required to protect electronic PHI (ePHI) from unauthorized access or disclosure.

Compliance with HIPAA is mandatory for covered entities, including healthcare providers, health plans, and healthcare clearinghouses, as well as their business associates. Violations, whether intentional or unintentional, can result in fines and civil penalties.

## Is Your Organization HIPAA Compliant?

As healthcare organizations embrace digital transformation, they must secure sensitive data --- particularly electronic patient health information. In 2023, Palo Alto Network Unit 42^®^ Attack Surface Threat Report revealed the prevalence of exposures across various industries. Despite HIPAA's requirements to protect sensitive data, 56% of healthcare organizations had publicly exposed cloud development environments.

These exposed environments, often misconfigured and vulnerable, provide attackers with opportunities to infiltrate the networks of organizations. Such unauthorized access can result in data breaches, unauthorized disclosures, and even medical device failures.

Download the [Unit 42 Attack Surface Threat Report](https://www.paloaltonetworks.com/resources/research/2023-unit-42-attack-surface-threat-report?ts=markdown) for full research results.

## Understanding HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) was established in 1996 to modernize the healthcare industry and protect patients, doctors, insurance companies, and other related parties. HIPAA has three main objectives:

* Ensuring people maintain health insurance between jobs
* Standardizing electronic billing practices
* Providing rules for handling protected health information

Since its enactment, HIPAA has seen two major updates --- HITECH in 2009 and the Omnibus Rule in 2013.

HITECH updated privacy requirements, introduced the breach notification rule, allowed proactive auditing of healthcare entities and their business associates, and updated enforcement activities such as fines and penalties for breaches.

The Omnibus Rule focused on enhancing privacy and breach notification requirements, improving patient rights, and redefining the breach process.

Lastly, HIPAA comprises three main rules that govern the use and disclosures of PHI, as well as securing electronic PHI and the reporting of breaches.

* Privacy Rule
* Security Rule
* Breach Notification Rule

## What Is Protected Health Information (PHI)?

Protected Health Information (PHI) refers to any individually identifiable health information, whether in electronic, oral, or physical form, that healthcare providers, health plans, or healthcare clearinghouses create, collect, transmit, or maintain.

PHI includes a wide range of data, such as medical records, billing information, test results, and medical images. It encompasses any information related to an individual's health status, provision of healthcare, or payment for healthcare services that can be linked to a specific person. In simplest terms, PHI consists of 18 data points that can individually or in combination reasonably identify a person. These data points might refer to personal or health-related information, as well as other types of identifiers.

### The 18 Data Points of PHI

Personal Identifiers

1. Names, including initials
2. All geographic subdivisions smaller than a state
3. All elements of dates, except the year, for dates directly related to an individual
4. Telephone numbers
5. Facsimile numbers
6. Electronic mail addresses
7. Social Security numbers

Health Identifiers

1. Medical record numbers
2. Health plan beneficiary numbers
3. Account numbers
4. Device identifiers and serial numbers

Miscellaneous Identifiers

1. Certificate or license numbers
2. Vehicle identifiers and serial numbers, including license plate numbers
3. Web universal resource locators or URLs
4. Internet protocol or IP address numbers
5. Biometric identifiers, including fingerprints and voiceprints
6. Full-face photographic images and comparable images
7. Unique identifying numbers, characteristics, or codes, unless permitted by the Privacy Rule for reidentification

While the term PHI is specific to the U.S., many countries have similar concepts regarding the protection of sensitive health information. The terminology to describe this type of information may differ for each country, but the core idea of protecting individually identifiable health information remains consistent.

In the European Union, for example, the General Data Protection Regulation (GDPR) refers to this type of information as "personal data concerning health." In Canada, the Personal Information Protection and Electronic Documents Act (PIPEDA) deals with the protection of "personal information," which includes health-related information.

Although the terms and regulatory frameworks vary, the underlying principle of safeguarding sensitive health information and ensuring the privacy and security of individuals' health data remains a common goal.

## HIPAA: Breach Notification

Under HIPAA, a breach involves an impermissible use or disclosure under the Privacy Rule, compromising the security or privacy of protected health information (PHI). Unless the covered entity or business associate demonstrates a low probability of PHI compromise based on a risk assessment, any impermissible use or disclosure of PHI is presumed to be a breach.

One of the most significant threats to PHI security is the unauthorized disclosure to an unapproved individual. A breach occurs when this risk materializes, and someone accesses private health information they shouldn't see. Breaches can be accidental or intentional, originating from employee carelessness, lack of education, or deliberate intrusion attempts. Regardless of the breach's nature, accidental and intentional breaches carry the same legal consequences.

The breach's consequences depend on the number of affected individuals and the incident's size. Smaller breaches require annual logging and reporting to the secretary, while larger breaches mandate reporting within 60 days of discovery. State laws may impose stricter reporting regulations, such as Texas' 60-minute reporting requirement. All breaches necessitate a risk assessment to identify exploited vulnerabilities and implement improved safeguards to prevent similar occurrences. The government reserves the right to investigate reported breaches, require remediation plans, and impose monetary penalties.

Everyone is responsible for reporting observed security and privacy incidents to their organization's appropriate authorities. Failing to report a breach may result in sanctions from both your organization and federal or state agencies. Adhere to your organization's reporting procedures and report all incidents, regardless of their size or perceived triviality.

Security and privacy breaches are a growing concern for organizations. However, with proper policies and procedures, breaches can be avoided. If a breach occurs, understanding the reporting responsibilities required by the Breach Notification Rule is crucial. Responding appropriately to a breach can save your organization unnecessary productivity loss and minimize monetary repercussions resulting from improper breach handling.

## HIPAA Privacy Rule: The Standard of Minimum Necessary

Like the [principle of least-privileged access](https://www.paloaltonetworks.com/cyberpedia/what-is-least-privilege-access?ts=markdown), HIPAA's minimum necessary standard aims to limit your access to protected health information (PHI) to only what's needed to perform your job. The standard does not intend to hinder your ability to function within your organization or prohibit cross-training staff for multiple roles.

To comply with the minimum necessary standard, organizations, including covered entities and business associates, must identify the types of information employees have access to and the purpose of that access. For some organizations, establishing role-based access to PHI can pose challenges. Mapping job roles to levels of PHI access can simplify the process.

Adhering to the minimum necessary standard involves setting up technological and physical barriers to prevent unauthorized access or disclosure. Ensure that your IT team establishes role-based login permissions for systems containing PHI and implements robust monitoring protocols. These protocols should include periodic random reports for reviewing employee activity and automatic alerts to detect potential unauthorized access or cyberattacks.

Regardless of an organization's size, it's required to establish and enforce minimum necessary access procedures. HIPAA is designed to be flexible, allowing organizations to modify implementation, but the rule must remain intact.

## The Security Rule: Safeguarding Electronic Protected Health Information

Given the prevalence of cyberattacks, security in healthcare is of paramount importance. Healthcare data breaches come with significant financial implications, costing the health industry billions of dollars. As hackers continue to develop more sophisticated techniques, studies predict a substantial increase in the number of intentional attacks in the coming years. These threats highlight the need for healthcare organizations to implement staunch security measures to protect sensitive patient data.

Eighteen standards and 42 implementation specifications exist within the [HIPAA Security Rule](https://www.paloaltonetworks.com/cyberpedia/hipaa-security-rules?ts=markdown). Standards represent the safeguards that HIPAA requires, whereas implementation specifications detail the necessary policies and procedures to implement these standards.

The primary objective of the Security Rule is to safeguard individuals' health information privacy while enabling covered entities to adopt innovative technologies that enhance patient care quality and efficiency. Recognizing the diverse healthcare marketplace, the Security Rule offers flexibility and scalability, allowing covered entities to implement policies, procedures, and technologies tailored to their size and risks associated with consumers' ePHI.

Several implementation specifications are addressable, but this does not mean they are optional. Organizations must assess the appropriateness and reasonableness of each implementation specification. If deemed appropriate and reasonable, the specification must be implemented. If considered unreasonable or inappropriate, organizations must:

* Document the assessment and rationale for deeming the implementation unsuitable.
* Implement an alternative or modified version of the specification, if appropriate.
* Schedule periodic reviews of the assessment to determine the ongoing appropriateness and reasonableness of the specification.

Certain addressable implementation specifications, such as encryption, may prove difficult for organizations to justify as unreasonable or inappropriate. With numerous affordable and accessible solutions available for many Security Rule safeguards, cost or ease of implementation shouldn't hinder compliance.

Ensuring all standards and implementation specifications are appropriately addressed helps organizations minimize the risk of becoming the next security breach victim.

### Data Compliance Under HIPAA

HIPAA compliance involves implementing numerous security measures to protect ePHI.

**Encryption**

Both data in transit and data at rest should be encrypted. For data in transit, at least AES-256 encryption is recommended, while data at rest should be encrypted using industry-standard algorithms. Under HIPAA, encryption is considered an "addressable" requirement, meaning that organizations must either implement it or document why it's unreasonable and inappropriate.

**Access Controls**

Implement unique user IDs, strong authentication mechanisms, and automatic logoff features to control access to electronic protected health information (ePHI). Role-based access control (RBAC) can also be used to limit access to ePHI based on job roles.

**Audit Controls**

Regularly audit system activity, including user access logs, system alerts, and administrative activity to detect unauthorized access or potential breaches. Maintain records of audit trails for at least six years.

**Integrity Controls**

Implement mechanisms to ensure the integrity of ePHI by preventing unauthorized data alteration or destruction. This includes using checksums, digital signatures, and secure file transfer protocols.

**Transmission Security**

Protect ePHI transmitted over networks using encryption, secure messaging, or Virtual Private Networks (VPNs) to prevent unauthorized access.

**Device and Media Controls**

Implement policies and procedures for the proper disposal and reuse of electronic media containing ePHI. This includes data wiping, degaussing, or physical destruction of storage media.

**Risk Analysis and Management**

Conduct regular risk assessments to identify potential security risks and vulnerabilities, and implement appropriate risk management measures to address them. [Data Security Posture Management (DSPM)](https://www.paloaltonetworks.com/cyberpedia/what-is-dspm?ts=markdown) solutions can automate this process by continuously monitoring cloud resources and evaluating security configurations against HIPAA requirements.

**Incident Response**

Develop and maintain an incident response plan to effectively address potential security incidents, including breach notification procedures as required by HIPAA.

**Breach Reporting**

Under HIPAA, covered entities (organizations subject to HIPAA) must notify affected individuals of a data breach without unreasonable delay, but no later than 60 days following the discovery of a breach. The notification is required to include a description of the breach, types of information involved, steps taken to mitigate the breach, and recommended actions for affected individuals.

For breaches affecting fewer than 500 individuals, the covered entity must report the breach to Health and Human Services (HHS) within 60 days of the end of the calendar year in which the breach was discovered. For a breach affects 500 or more individuals, the covered entity must report the breach to HHS within 60 days of discovery. With breaches affecting 500 or more individuals in a single state or jurisdiction, the covered entity must notify prominent media outlets serving the affected area no later than 60 days following the discovery of the breach.

Additionally, if a breach occurs at a business associate (BA), the BA must notify the covered entity within 60 days of discovering the breach. The covered entity is then responsible for notifying the affected individuals, HHS, and the media, as required.

## OCR Audit Protocol

The healthcare industry, despite being heavily regulated, has witnessed some vital regulations go unmonitored for over a decade. Prior to HITECH, HIPAA functioned as a reactive compliance program rather than a proactive one, leading to a lack of enforcement.

To address this, the Office for Civil Rights (OCR) began conducting audits in 2012, with a focus on correcting compliance efforts rather than punishing noncompliance. Their goal is to identify weaknesses in compliance and improve the industry's implementation of privacy and security safeguards to protect health information.

Phase 2 of the audits, initiated in early 2016, doubled the number of audits conducted and expanded their scope to include business associates. This phase consists of three stages:

* **Stage 1:** Desk audits of covered entities, conducted electronically rather than in person
* **Stage 2:** Desk audits of business associates, requiring covered entities to disclose their business associate relationships
* **Stage 3:** In-person audits, offering a more comprehensive assessment than the previous two stages for a selected number of audited entities

Organizations should proactively establish and maintain their HIPAA compliance, rather than waiting for an audit notification. By initiating the process early and diligently documenting all compliance efforts, organizations can be well-prepared for audits and demonstrate their commitment to safeguarding sensitive health information.

Maintaining HIPAA compliance and safeguarding sensitive health information is a critical responsibility for a security leader in an organization that builds apps. It is essential to focus on several key areas to effectively manage information security efforts.

## HIPAA for Big Tech and Startups

Understanding the regulatory landscape is vital to providing the foundation for creating and implementing security policies and procedures in accordance with HIPAA. And maintaining HIPAA compliance couldn't be more important than is for those developing applications, managing cloud infrastructure, and providing [data security](https://www.paloaltonetworks.com/cyberpedia/what-is-data-security?ts=markdown) services for healthcare organizations.

[Addressing HIPAA compliance challenges in the tech sector](https://www.paloaltonetworks.com/cyberpedia/simplified-healthcare-compliance-and-risk-management-with-prisma-cloud?ts=markdown) requires a comprehensive understanding of regulatory requirements, secure application development, cloud infrastructure security, risk management, collaboration, and communication with stakeholders.

Staying informed about HIPAA regulations such as the Privacy and Security Rules and the Breach Notification Rule is essential for building compliant products and services. This knowledge helps meet the healthcare industry's strict security standards and ensures that applications adhere to HIPAA requirements.

When developing applications and software solutions, security and compliance must remain at the forefront of consideration. Incorporating features like encryption, access controls, and audit logging, as well as conducting regular security assessments and vulnerability testing, can help identify potential risks.

Designing and managing cloud infrastructure for handling electronic protected health information (ePHI) requires implementing data encryption both in transit and at rest. Additionally, role-based access control (RBAC) and a resilient, highly available architecture help maintain data integrity and withstand potential threats.

Conducting regular risk assessments, another vital aspect to consider, helps identify potential vulnerabilities in tech solutions and infrastructure, allowing for the development and implementation of mitigation strategies. The risk assessment process enables the prioritization of security initiatives and the efficient allocation of resources.

Collaboration and communication with stakeholders, such as healthcare organizations, cloud service providers, and security experts, ensure a comprehensive understanding of HIPAA requirements and industry best practices. Maintaining open lines of communication with clients and providing regular updates on security posture, compliance status, and potential risks can contribute to building trust and transparency.

Finally, promoting a culture of security awareness within the tech organization to help employees understand the importance of HIPAA compliance, empowering them to make informed decisions when developing and deploying tech solutions for healthcare clients.

## HIPAA Compliance Tips for DevOps and AppSec Practitioners

As healthcare organizations increasingly adopt cloud-based solutions and develop applications to manage and store electronic protected health information (ePHI), it's essential for cloud architects, application developers, and security engineers to ensure HIPAA compliance in their work.

### Cloud Architects

Cloud architects must design secure and compliant cloud infrastructure for handling ePHI. Key considerations include:

* Choosing a cloud service provider (CSP) with a proven track record in HIPAA compliance
* Ensuring that data encryption is implemented both in transit and at rest
* Implementing role-based access control (RBAC) to restrict access to sensitive data
* Designing a resilient and highly available architecture that can withstand potential threats and maintain data integrity
* Regularly reviewing and updating the cloud infrastructure to address emerging security risks and compliance requirements

### Application Developers

Application developers must create applications that adhere to HIPAA's Privacy and Security Rules. Important aspects to consider are:

* Developing secure APIs for handling ePHI and incorporating encryption and authentication mechanisms
* Implementing access controls and audit logging to monitor and track data access
* Ensuring data storage complies with encryption requirements and is securely segmented
* Conducting regular security and vulnerability assessments to identify potential risks and mitigate them
* Integrating security and compliance best practices into the development lifecycle and staying updated on changes in regulations

### Security Engineers

Security engineers play a vital role in safeguarding ePHI and maintaining HIPAA compliance. Responsibilities include:

* Developing, implementing, and managing security policies and procedures according to HIPAA guidelines
* Configuring and monitoring security tools, such as intrusion detection systems (IDS), firewalls, and antivirus software
* Conducting regular risk assessments to identify potential vulnerabilities and implementing appropriate countermeasures
* Collaborating with cloud architects and application developers to ensure security is integrated throughout the infrastructure and application development processes
* Providing training and raising awareness on security and compliance best practices within the organization

By working together, organizations can effectively address the unique challenges of HIPAA compliance in cloud environments and application development, ensuring the protection of sensitive health information and mitigating the risk of data breaches.

## HIPAA FAQs

### What is HITECH?

The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted in 2009, is a significant update to the Health Insurance Portability and Accountability Act (HIPAA). HITECH aims to enhance privacy requirements, introduce the breach notification rule, and promote the adoption of electronic health records (EHRs) and health information exchange (HIE) technology. It also allows for proactive auditing of healthcare entities and their business associates while updating enforcement activities, such as fines and penalties for breaches. The HITECH Act encourages healthcare organizations to adopt modern technology to improve patient care and streamline operations while maintaining rigorous privacy and security standards.

### What is the Omnibus Rule?

The Omnibus Rule, introduced in 2013, is a substantial amendment to HIPAA regulations, focusing on enhancing privacy and breach notification requirements, improving patient rights, and redefining the breach process. The rule expands HIPAA's scope to include business associates and their subcontractors, making them directly accountable for compliance. The Omnibus Rule also strengthens patient rights, allowing them to request electronic copies of their health records and prohibiting the use of their information for marketing purposes without explicit consent. Additionally, the rule revises the breach notification process by shifting the focus from potential harm to an evaluation of the probability that protected health information (PHI) has been compromised, ensuring that organizations promptly report and address any potential breaches.

### What is ePHI?

Electronic Protected Health Information, or ePHI, refers to any individually identifiable health information that is created, stored, transmitted, or maintained in an electronic format by a covered entity or a business associate under HIPAA.

### What is a covered entity (CE)?

A covered entity (CE) is an organization or individual subject to HIPAA regulations, which are responsible for protecting the privacy and security of protected health information (PHI). Covered entities typically include healthcare providers, health plans, and healthcare clearinghouses that transmit health information electronically in connection with certain standard transactions, such as claims processing, benefits coordination, and enrollment. CEs are required to implement safeguards to ensure the confidentiality, integrity, and availability of electronic PHI (ePHI) and comply with HIPAA Privacy and Security Rules.

### What is a business associate (BA)?

In HIPAA, a business associate (BA) is a third-party vendor, contractor, or consultant that will receive, create, access, transmit, or store protected health information on behalf of a healthcare organization. The BA performs functions or activities for the covered entity that involves the use or disclosure of PHI or confidential information.

### What does "required" refer to in the framework of HIPAA?

Required in the HIPAA framework refers to required procedures, which are mandatory, and covered entities and business associates must document and implement them without exceptions. All standards within the HIPAA framework are required.

### What does "addressable" refer to in the framework of HIPAA?

While not optional, addressable specifications allow organizations to assess whether a specific implementation is appropriate and reasonable for their unique circumstances. If deemed unreasonable or inappropriate, the organization must adopt and implement a reasonable alternative that achieves the same safeguard objective while maintaining compliance with HIPAA regulations.

### What is a designated record set?

A designated record set is a collection of records maintained by or for a covered entity under HIPAA, comprising medical and billing records about individuals, as well as enrollment, payment, claims adjudication, and case or medical management record systems maintained by or for a health plan. The primary purpose of a designated record set is to comply with the Privacy Rule requirements for uses, disclosures, patient right of access, and amendment. Designated record sets are not intended for external requests for disclosures.

### What is a legal record set?

A legal record set refers to the officially declared record of healthcare services provided to an individual by a healthcare provider. This business record is generated at or for a healthcare organization and is the document released on receiving a request. The legal record set's definition is crucial for disclosing PHI consistently and accurately, ensuring that only the information defined within the legal record set is disclosed when required.

### What is a limited data set?

A limited data set is a partially deidentified record in which the 18 identifying data points of PHI have been removed before disclosure. Limited data sets can be used without a patient's permission if certain conditions are met, such as for research, public health initiatives, or healthcare operations. Although not completely deidentified, limited data sets are still protected by the Privacy Rule. When used by a third party that typically requires authorization, a data use agreement or business associate agreement must be executed before disclosure.
Related Content  
[Information Security Governance
Protecting information consistently across the enterprise means having the right people to align the information security program with business and technology strategy.](https://www.paloaltonetworks.com/blog/prisma-cloud/information-security-governance/)  
[Use Data Policies to Scan for Data Exposure or Malware
Detect malware and prevent inadvertent or malicious exposure of sensitive data with predefined data profiles and data patterns.](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-data-security/monitor-data-security-scan-prisma-cloud/data-policies)  
[5 Orgs Achieve 360° Visibility and Compliance
Learn how organizations achieve centralized visibility across cloud environments to remediate vulnerabilities and eliminate threats.](https://www.paloaltonetworks.com/resources/ebooks/customer-spotlight-visibility-and-compliance?ts=markdown)  
[Data Visibility and Classification
Many organizations don't have enough visibility of critical data types such as personal identifiable information. This becomes problematic when facing audits and prioritizing data ...](https://www.paloaltonetworks.com/prisma/cloud/cloud-data-security?ts=markdown)  
![Share page on facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/facebook-circular-icon.svg) ![Share page on linkedin](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/linkedin-circular-icon.svg) [![Share page by an email](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/email-circular-icon.svg)](mailto:?subject=What%20Is%20HIPAA%3F&body=HIPAA%20for%20application%20designers%3A%20secure%20app%20development%2C%20cloud%20infrastructure%2C%20data%20security%2C%20and%20risk%20management%20for%20HIPAA%20Security%20and%20Privacy%20compliance.%20at%20https%3A//www.paloaltonetworks.com/cyberpedia/what-is-hipaa)  
Back to Top  
[Previous](https://www.paloaltonetworks.com/cyberpedia/personal-data?ts=markdown) What Is Personal Data?  
[Next](https://www.paloaltonetworks.com/cyberpedia/sensitive-data?ts=markdown) What Is Sensitive Data?  
{#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2025 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language