This is the best thing to do. Have the database on its own server (separate from the ColdFusion server), and have it only connected to the CF server, but not searchable on the network. I guess you have to mess with the subnet mask settings (I'm talking out of my butt, butt I think it makes sense). Also change the port it uses. I think SQL Server uses port 1433 by default.
and thirdly, hire me to stand in front of it and kick butt on demand :)
----- Original Message -----
From: dana tierney
To: CF-Community
Sent: Thursday, February 19, 2004 3:15 PM
Subject: Re: HIPAA, arrrggggh
good question. Looking for a way to low-end this. I've had an Access db on a floppy, but it was empty.... but if I send it to my hard drive that is even more insecure than the commercial host, right? I'd have to learn firewalls really really quick once my DSL order goes through...
which might be a good idea anyway, but so are a lot of the other things I need to do.
Dana
> How do you maintain a database on a CD? Are you just talking about a
> backup?
> ----- Original Message -----
> From: dana tierney
> To: CF-Community
> Sent: Thursday, February 19, 2004 2:59 PM
> Subject: Re: HIPAA, arrrggggh
>
>
> goodie, my proposed upgrade needs revision. I am sure the current
> system is even less compliant. Just for giggles, suppose the board
> decides they can't afford the colocated server etc... if I were to
> maintain a database on a CD (to take an ultra-low-tech approach) and
> that CD is kept in a medical office (I suppose I could find a way to
> lock it up too ) then what do ppl think? Recognizing of course that
> none of you are lawyers. But it would seem to restrict access to one
> person... kills the heck out of my disaster planning but that's
> another story.
> Any further opinions?
>
> Dana
>
> >That depends on how the database is hosted.
> >
> >If you are colocated somewhere using a dedicated server and
> appropriate
> >security measures are in place, including restricted physical access
> to
> >the box, then yes, you might be in compliance.
> >
> >If you are hosting with a company on a shared server, or they
> install
> >patches, bug fixes, etc. themselves, you are definitely not in
> >compliance.
> >
> >Essentially, to host with a commercial vendor, you need to pretend
> you
> >don't have one.
> >
> >M
> >
> >-----Original Message-----
> >From: dana tierney [mailto:[EMAIL PROTECTED]
> >Sent: Thursday, February 19, 2004 1:59 PM
> >To: CF-Community
> >Subject: HIPAA, arrrggggh
> >
> >
> >ok we are having a huge flap over HIPAA compliance, has anyone here
> >previously researched this topic?
> >
> >My burning question: If I have patient data in a SQL or mySQL
> database
> >on a commercial host, is this adequate security for HIPAA purposes?
> >Authentication is required for the hosting account and for the
> database
> >itself.
> >
> >Anyone have any resources on this?
> >
> >Thanks
> >Dana