Does anyone have any knowledge of HIPAA compliance related to web and database server setup? Specifically, if I have one database server and one web server, does the database server need to be completely removed from the internet or can the firewall filter out everything but what I need to communicate between the two servers anyhow, like the SQL Server Port?
Just curious if anyone else has run into this situation with setting up a new set of servers and how much separation on the network there needs to be between the web and DB servers for HIPAA compliance. We do have private health information but no financial (PCI) info.

Dan

