questions I would look into what the HIPPA requirements might have issue
with. I think though that a lot of the issue can be mitigated with how you
store the data. The big no-no seems to be being able to actually tie
information to a person.
A colleague here used to work for the state health and human services. In
our state we have open records laws. But he says it was common practice to
store data and person information in such disparate table structures that
you had to do crazy queries across different schemas just to tie it all
together. That way they could hand over the data tables requested and the
most that could be seen was anonymous data or they could run aggregates, but
they didn't know the multiple lookup tables to tie the data to the person
information stored somewhere else entirely.
-Kevin
> ya, I was afraid of hearing something like that.....
>
> >It's something that's come up a time or two here. In our office, we don't
do
> >much with it, but the med school certainly is wigged about it. From what
> >I've gleaned from the discussions, I would be concerned about the
commercial
> >hosting.
> >
> >Who has access to their servers? What policies do they have in place to
> >evaluate who has access? What policies do they have about what those
people
> >with access are allowed to do? What is their backup methodology? Where
are
> >the backups stored? Who has access to those? It's a mess.
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
