HIPAA Compliant Server

  • Hi,

    I have an instance in Amazon EC2 and need to be HIPAA compliant. I have a few doubts:

    1. Should I need to do a block level encryption of the database storage ?

    2. Should I need to encrypt sensitive data before storing in the database ?

    3. Best database software to handle with the encryption and Big Data ?

    Any help will be highly appreciable,

    Thank You.

  • As for the 'encryption', since this needs to meet the HIPAA requirements, have you met with the Healthcare provider's administrative and legal staff ?

    Now a few questions ...

    What 'version' of SQL Server are you using ?

    What 'edition' of SQL Server are you using ?

    Are you considering 'encryption' at the :

    - operating system level

    - database

    - table

    - column

    As for database backups - do they need to be 'encrypted' at rest ?

    Regards

    Rudy Komacsar

    Senior Database Administrator

    "Ave Caesar! - Morituri te salutamus."

  • rinshadka_2445 (6/11/2014)


    Hi,

    I have an instance in Amazon EC2 and need to be HIPAA compliant. I have a few doubts:

    1. Should I need to do a block level encryption of the database storage ?

    2. Should I need to encrypt sensitive data before storing in the database ?

    3. Best database software to handle with the encryption and Big Data ?

    Any help will be highly appreciable,

    Thank You.

    HIPAA compliance is less technical rules and more accessibility rules. It's privacy of data and identification as to whom you are vs. what others may need to know.

    You're starting too deep. What you need to do is talk to legal with your manager and find out what they need and if there are any holes in your current environment. Then you decide what to do with it. HIPAA is too intricate a topic to ask for forum help from a bunch of semi-anonymous people about.


    - Craig Farrell

    Never stop learning, even if it hurts. Ego bruises are practically mandatory as you learn unless you've never risked enough to make a mistake.


    Twitter: @AnyWayDBA

  • I agree with Craig.

    You need to know the requirements, not try to guess them. Your guesses may be right, but if they are wrong you can easily spend time doing something that is not necessary, or missing something that is necessary.

    Personally, I would prepare a compliance document. This could identify each requirement as a section heading, followed by a description of the requirement followed by what you have done to satisfy the requirement. This becomes a document that can be audited for completeness, and gives you a base to work from if a requirement changes.

    Original author: https://github.com/SQL-FineBuild/Common/wiki/ 1-click install and best practice configuration of SQL Server 2019, 2017, 2016, 2014, 2012, 2008 R2, 2008 and 2005.

    When I give food to the poor they call me a saint. When I ask why they are poor they call me a communist - Archbishop Hélder Câmara
