Re: [GENERAL] PostgresSQL and HIPAA compliance

2016-06-17 Thread Stephen Cook
On 2016-06-17 14:09, Paul Jungwirth wrote: > On 06/17/2016 03:03 AM, Alex John wrote: >> RDS is a prime candidate except for the fact that they have explicitly >> stated that the Postgres engine is *not* HIPAA compliant. > > More precisely, it is not covered by the BAA Amazon will sign. > > I've

Re: [GENERAL] PostgresSQL and HIPAA compliance

2016-06-17 Thread Mike Sofen
-Original Message- From: Alex John Sent: Friday, June 17, 2016 3:04 AM To: pgsql-general@postgresql.org Subject: [GENERAL] PostgresSQL and HIPAA compliance Hello, I have a few questions regarding the use of PostgreSQL and HIPAA compliance. I work for a company that plans on storing

Re: [GENERAL] PostgresSQL and HIPAA compliance

2016-06-17 Thread Paul Jungwirth
On 06/17/2016 03:03 AM, Alex John wrote: RDS is a prime candidate except for the fact that they have explicitly stated that the Postgres engine is *not* HIPAA compliant. More precisely, it is not covered by the BAA Amazon will sign. I've helped several companies run HIPAA-compliant Postgres on

Re: [GENERAL] PostgresSQL and HIPAA compliance

2016-06-17 Thread Joshua D. Drake
On 06/17/2016 03:03 AM, Alex John wrote: Hello, I have a few questions regarding the use of PostgreSQL and HIPAA compliance. I work for a company that plans on storing protected health information (PHI) on our servers. We have looked at various solutions for doing so, and RDS is a prime candidate

Re: [GENERAL] PostgresSQL and HIPAA compliance

2016-06-17 Thread James Keener
The method you use to store the data is irrelevant. Access to your network. Logging. If you're encrypting the disk. How is the application presenting this data. What kind of ACLs are you using. Asking if PG is good to store HIPAA data is exactly as useful as asking if you can even store HIPAA data.

Re: [GENERAL] PostgresSQL and HIPAA compliance

2016-06-17 Thread Steve Atkins
> On Jun 17, 2016, at 3:03 AM, Alex John wrote: > > Hello, I have a few questions regarding the use of PostgreSQL and HIPAA > compliance. I work for a company that plans on storing protected health > information (PHI) on our servers. We have looked at various solutions for > doing > so, and RDS

[GENERAL] PostgresSQL and HIPAA compliance

2016-06-17 Thread Alex John
Hello, I have a few questions regarding the use of PostgreSQL and HIPAA compliance. I work for a company that plans on storing protected health information (PHI) on our servers. We have looked at various solutions for doing so, and RDS is a prime candidate except for the fact that they have explici