HIPAA Compliant Server
Posted Wednesday, June 11, 2014 3:27 AM
Hi,

I have an instance in Amazon EC2 and need to be HIPAA compliant. I have a few doubts:

1. Do I need to do block-level encryption of the database storage?
2. Do I need to encrypt sensitive data before storing it in the database?
3. What is the best database software to handle the encryption and Big Data?

Any help will be highly appreciated,

Thank You.
Post #1579547
Posted Thursday, June 12, 2014 8:21 AM
As for the 'encryption', since this needs to meet the HIPAA requirements, have you met with the healthcare provider's administrative and legal staff?

Now a few questions ...

What 'version' of SQL Server are you using?

What 'edition' of SQL Server are you using?

Are you considering 'encryption' at the:
- operating system level
- database
- table
- column

As for database backups - do they need to be 'encrypted' at rest?





Regards
Rudy Komacsar
Senior Database Administrator

"Ave Caesar! - Morituri te salutamus."
Post #1580078
Posted Thursday, June 12, 2014 1:57 PM


rinshadka_2445 (6/11/2014)
Hi,

I have an instance in Amazon EC2 and need to be HIPAA compliant. I have a few doubts:

1. Do I need to do block-level encryption of the database storage?
2. Do I need to encrypt sensitive data before storing it in the database?
3. What is the best database software to handle the encryption and Big Data?

Any help will be highly appreciated,

Thank You.


HIPAA compliance is less technical rules and more accessibility rules. It's privacy of data and identification as to who you are vs. what others may need to know.

You're starting too deep. What you need to do is talk to legal with your manager and find out what they need and if there are any holes in your current environment. Then you decide what to do with it. HIPAA is too intricate a topic to ask for forum help from a bunch of semi-anonymous people about.



- Craig Farrell

Never stop learning, even if it hurts. Ego bruises are practically mandatory as you learn unless you've never risked enough to make a mistake.


Twitter: @AnyWayDBA
Post #1580250
Posted Monday, June 16, 2014 3:41 AM
I agree with Craig.

You need to know the requirements, not try to guess them. Your guesses may be right, but if they are wrong you can easily spend time doing something that is not necessary, or missing something that is necessary.

Personally, I would prepare a compliance document. This could identify each requirement as a section heading, followed by a description of the requirement followed by what you have done to satisfy the requirement. This becomes a document that can be audited for completeness, and gives you a base to work from if a requirement changes.


Original author: SQL Server FineBuild 1-click install and best practice configuration of SQL Server 2014, 2012, 2008 R2, 2008 and 2005. 28 July 2014: now over 30,000 downloads.
Disclaimer: All information provided is a personal opinion that may not match reality.
Concept: "Pizza Apartheid" - the discrimination that separates those who earn enough in one day to buy a pizza if they want one, from those who can not.
Post #1581039