Mike, I agree with all of you. :-) Insurance companies and health providers each make up their own IT protection rules. One of my clients works with many insurance companies, and my client has to please all of them. From this wide variety of companies, we have, at various times, had to deal with requirements like these:
"We have determined that PDF password protection is not adequate, it's too easy to break the password." "We need you to log every user who accesses every file." "You need to prevent all programmers from being able to execute any SQL queries directly against the data, unless all of those queries are logged." !?!? Each solution has to use the best tools available to meet the requirements, and has to consider things like data storage, database sizes, and back-up media limitations. Bill On Wed, Mar 11, 2009 at 2:55 PM, MikeB <[email protected]> wrote: > Javier, > I agree with your synopsis. The file system on a server should provide > the mechanism that protects the security of the data to meet the sufficiency > of the HIPAA. I would expect the adoption of disk storage as opposed to > BLOB storage to be the rule, rather than the exception in the database > community, regardless of vendor. > RBase's ability to generate encrypted PDFs adds an additional measure of > securing the data. > > >
