If you are colocated somewhere using a dedicated server and appropriate
security measures are in place, including restricted physical access to
the box, then yes, you might be in compliance.
If you are hosting with a company on a shared server, or they install
patches, bug fixes, etc. themselves, you are definitely not in
compliance.
Essentially, to host with a commercial vendor, you need to pretend you
don't have one.
M
-----Original Message-----
From: dana tierney [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 19, 2004 1:59 PM
To: CF-Community
Subject: HIPAA, arrrggggh
OK, we are having a huge flap over HIPAA compliance. Has anyone here
previously researched this topic?
My burning question: If I have patient data in a SQL or MySQL database
on a commercial host, is this adequate security for HIPAA purposes?
Authentication is required for the hosting account and for the database
itself.
Anyone have any resources on this?
Thanks
Dana
