> lol i was expecting an answer! I am assuming the database will be
> constantly read/written. How do you use a database on a CD as a
> backend?? I mean it sounds technically impractical/impossible, unless
> u are just tlaking about plain good ol backing up on a CD.
>
> This is the best thing to do. Have the database on its own server
> (separate from the coldfusion server), and have it only connected to
> the CF server, but not searchable on the network. I guess u have to
> mess with the subnet mask settings (i'm talking out of my butt, butt i
> think it makes sense). Also change the port it uses. I think SQL
> Server uses port 1433 by default.
>
> and thirdly, hire me to stand in front of it and kick butt on demand
> :)
> ----- Original Message -----
> From: dana tierney
> To: CF-Community
> Sent: Thursday, February 19, 2004 3:15 PM
> Subject: Re: HIPAA, arrrggggh
>
>
> good question. Looking for a way to low-end this. I've had an access
> db on a floppy, but it was empty.... but if I send it to my hard drive
> that is even more insecure than the commercial host, right? I'd have
> to learn firewalls really really quick once my DSL order goes though...
>
> which might be a good idea anyway, but so are a lot of the other
> things I need to do.
>
> Dana
>
> > How do u maintain a database on a CD? Are you just tlaking about a
>
> > backup?
>
> > ----- Original Message -----
>
> > From: dana tierney
>
> > To: CF-Community
>
> > Sent: Thursday, February 19, 2004 2:59 PM
>
> > Subject: Re: HIPAA, arrrggggh
> >
> >
>
> > goodie, my proposed upgrade needs revision. I am sure the current
> > system is even less compliant. Just for giggles, suppose the board
> > decides they can't afford the colocated server etc... if I were to
> > maintain a database on a cd (to take an ultra-lowtech approach) and
>
> > that CD is kept in a medical office (I suppose I could find a way to
>
> > lock it up too ) then what do ppl think? Recognizing of course that
>
> > none of you are lawyers. But it would seem to restrict access to one
>
> > person... kills the heck out of my disaster planning but that's
> > another story.
>
> > Any further opinions?
> >
>
> > Dana
> >
>
> > >That depends on how the database is hosted.
>
> > >
>
> > >If you are colocated somewhere using a dedicated server and
> > appropriate
>
> > >security measures are in place, including restricted physical
> access
> > to
>
> > >the box, then yes, you might be in compliance.
>
> > >
>
> > >If you are hosting with a company on a shared server, or they
> > install
>
> > >patches, big fixes, etc. themselves, you are definitely not in
>
> > >compliance.
>
> > >
>
> > >Essentially, to host with a commercial vendor, you need to pretend
>
> > you
>
> > >don't have one.
>
> > >
>
> > >M
>
> > >
>
> > >-----Original Message-----
>
> > >From: dana tierney [mailto:[EMAIL PROTECTED]
>
> > >Sent: Thursday, February 19, 2004 1:59 PM
>
> > >To: CF-Community
>
> > >Subject: HIPAA, arrrggggh
>
> > >
>
> > >
>
> > >ok we are having a huge flap over HIPAA compliance, has anyone
> here
>
> > >previously researched this topic?
>
> > >
>
> > >My burning question: If I have patient data in a SQL or mySQL
> > database
>
> > >on a commercial host, is this adequate security for HIPAA
> purposes?
>
> > >Authentication is required for the hosting account and for the
> > database
>
> > >itself.
>
> > >
>
> > >Anyone have any resources on this?
>
> > >
>
> > >Thanks
>
> > >Dana
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
