ON PREMISES SOLUTIONS

Bitdefender GravityZone and HIPAA

One of the Bitdefender’s top priorities is to ensure that customers’ personal data is safely processed and stored. In this regard, Bitdefender has in place specific privacy policies for home and business solutions. Bitdefender's privacy policies can be found here: https://www.bitdefender.com/site/view/legal-privacy.html.

As part of protecting customers’ personal data, Bitdefender aims to help its customers, including health care professionals, comply with regulations of U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA).

GravityZone On-Premises solution

GravityZone On-Premises solution has been designed to allow keeping your data inside your organization. However,for higher protection, certain GravityZone features require interaction with Bitdefender cloud servers to perform tasks. To be in line with HIPAA regulations, you need to disable these features in the GravityZone console (Control Center) as described below.

Security policy settings

Modify the security policy settings in Control Center as follows:

  1. Go to Policies and click to edit an existing policy or create a new one.

  2. Go to General > Settings.

  3. Under the Options section, deselect the following check boxes:

    • Submit crash reports to Bitdefender

    • Submit suspicious executable files for analysis

    • Use Bitdefender Global Protective Network to enhance protection

  4. Go to Antimalware > Settings.

  5. Under the Quarantine section, deselect Submit quarantined files to Bitdefender Labs every (hours).

  6. Go to Sandbox Analyzer.

    If using Sandbox Analyzer Cloud as detonation environment, you must filter out the submitted file types so that they do not contain medical data or any personally identifiable information (PII). To do this, under the Content Prefiltering section, specify in the Exceptions box the extensions of the files you do not want automatically submitted.

    If you are not sure about what kind of data you may submit to Sandbox Analyzer, to be on the safe side from a HIPAA perspective, you may disable this feature altogether by deselecting the Automatic sample submission from managed endpoints check box.

  7. Click Save to apply the changes.

Installation packages

Modify the installation packages in Control Center as follows:

  1. Go to Network > Packages and click to edit an existing installation package or create a new one.

  2. Under the Miscellaneous section, deselect these check boxes:

    • Submit crash dumps

    • Submit quarantined files to Bitdefender Labs every (hours)

    • Submit suspicious executables to Bitdefender

    • Use Bitdefender Global Protective Network to enhance protection

  3. Under the Settings section, deselect Scan before installation.

  4. Click Save to apply the changes.

Sandbox Analyzer manual submission

While you can configure automatic submission to Sandbox Analyzer Cloud in the security policy settings, manual submission depends exclusively on the operations you make in the Sandbox Analyzer > Manual Submission section of the Control Center main menu. To be in line with HIPAA regulations, make sure you do not submit to Sandbox Analyzer Cloud files that may contain medical data or PII.

Legal notice

Please be advised that it is entirely your responsibility to check your compliance with any piece of legislation, including HIPAA, and by presenting the above information Bitdefender expressly disclaims any and all liability regarding your compliance with HIPAA and your conduct in relation to HIPAA or any other legal requirements you may be subjected to. For the avoidance of any doubt, by using Bitdefender Solutions, including GravityZone, Bitdefender does not warrant in any way your compliance to any piece of legislation, including HIPAA. The above does not represent legal guidance and you are encouraged to seek legal advice with respect to the above or any other legal related topic.