If you're HIPAA compliant or PCI compliant you must run an intrusion detection system and anti virus software. What do you use to solve these requirements on Linux?
Where in HIPAA does it require anti-virus or IDS? Last I read it only requires encryption (both locally and on the network) and you have to have a written security policy which you will be audited against.
If you don't want AV or IDS then simply don't put it into your internal security policy. Nothing in the HIPAA says that you have to have it, unless they've amended it recently to include that.
If you don't want AV or IDS then simply don't put it into your internal security policy. Nothing in the HIPAA says that you have to have it, unless they've amended it recently to include that.