much with it, but the med school certainly is wigged about it. From what
I've gleaned from the discussions, I would be concerned about the commercial
hosting.
Who has access to their servers? What policies do they have in place to
evaluate who has access? What policies do they have about what those people
with access are allowed to do? What is their backup methodology? Where are
the backups stored? Who has access to those? It's a mess.
-Kevin
----- Original Message -----
From: "dana tierney" <[EMAIL PROTECTED]>
To: "CF-Community" <[EMAIL PROTECTED]>
Sent: Thursday, February 19, 2004 12:58 PM
Subject: HIPAA, arrrggggh
> ok we are having a huge flap over HIPAA compliance, has anyone here
previously researched this topic?
>
> My burning question: If I have patient data in a SQL or mySQL database on
a commercial host, is this adequate security for HIPAA purposes?
Authentication is required for the hosting account and for the database
itself.
>
> Anyone have any resources on this?
>
> Thanks
> Dana
>
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
