• Katherine Fraser (7/30/2010)


    I work at a company whose clients include pharmacies, so several of our applications store PHI (protected health information) and must be "treated with special care" according to HIPAA.

    I am currently working on an application to audit any PHI access. That is, any time a stored procedure returns PHI to the application, I'll have to enter a log record showing what data was seen, by whom and when.

    I'll be using Service Broker to log the accesses, sending encrypted messages and storing them in a database encrypted with TDE. I'm not sure what the volume will be yet, but it seems like a good idea to send the SSB messages as binary to reduce the size.

    ------------------------------------------------------

    Katherine

    How is that going to work when a DBA or developer or process is doing bulk historical reporting, or investigating/troubleshooting to find patterns (selecting millions of rows to let a human spot patterns)?