----- Original Message -----
From: dana tierney
To: CF-Community
Sent: Thursday, February 19, 2004 2:59 PM
Subject: Re: HIPAA, arrrggggh
Goodie, my proposed upgrade needs revision. I am sure the current system is even less compliant. Just for giggles, suppose the board decides they can't afford the colocated server etc... if I were to maintain a database on a CD (to take an ultra-lowtech approach) and that CD is kept in a medical office (I suppose I could find a way to lock it up too) then what do ppl think? Recognizing of course that none of you are lawyers. But it would seem to restrict access to one person... kills the heck out of my disaster planning but that's another story.
Any further opinions?
Dana
>That depends on how the database is hosted.
>
>If you are colocated somewhere using a dedicated server and appropriate
>security measures are in place, including restricted physical access to
>the box, then yes, you might be in compliance.
>
>If you are hosting with a company on a shared server, or they install
>patches, bug fixes, etc. themselves, you are definitely not in
>compliance.
>
>Essentially, to host with a commercial vendor, you need to pretend you
>don't have one.
>
>M
>
>-----Original Message-----
>From: dana tierney [mailto:[EMAIL PROTECTED]
>Sent: Thursday, February 19, 2004 1:59 PM
>To: CF-Community
>Subject: HIPAA, arrrggggh
>
>
>ok we are having a huge flap over HIPAA compliance, has anyone here
>previously researched this topic?
>
>My burning question: If I have patient data in a SQL or MySQL database
>on a commercial host, is this adequate security for HIPAA purposes?
>Authentication is required for the hosting account and for the database
>itself.
>
>Anyone have any resources on this?
>
>Thanks
>Dana
