I am not very familiar with HIPAA reglations, but it sounds like they are something like the procedural and technical guidelines from the Dutch Data Protection Authority. Those guidelines mandate that if you store class 2 or higher personal data (lots of relatively harmless data like name and address, or a little bit of sensitive data like health records), you need to have access to the source code of every piece of software you use to process that data. Does the HIPAA mandate something similar?
Jochem ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Discover CFTicket - The leading ColdFusion Help Desk and Trouble Ticket application http://www.houseoffusion.com/banners/view.cfm?bannerid=48 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:213960 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
