>The thing is, I don't really know that much about it. Those were just
>questions I would look into what the HIPPA requirements might have issue
>with. I think though that a lot of the issue can be mitigated with how you
>store the data. The big no-no seems to be being able to actually tie
>information to a person.
>
>A colleague here used to work for the state health and human services. In
>our state we have open records laws. But he says it was common practice to
>store data and person information in such disparate table structures that
>you had to do crazy queries across different schemas just to tie it all
>together. That way they could hand over the data tables requested and the
>most that could be seen was anonymous data or they could run aggregates, but
>they didn't know the multiple lookup tables to tie the data to the person
>information stored somewhere else entirely.
>
>-Kevin
>
>
>> ya, I was afraid of hearing something like that.....
>>
>> >It's something that's come up a time or two here. In our office, we don't
>do
>> >much with it, but the med school certainly is wigged about it. From what
>> >I've gleaned from the discussions, I would be concerned about the
>commercial
>> >hosting.
>> >
>> >Who has access to their servers? What policies do they have in place to
>> >evaluate who has access? What policies do they have about what those
>people
>> >with access are allowed to do? What is their backup methodology? Where
>are
>> >the backups stored? Who has access to those? It's a mess.
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
