Katherine Fraser (7/30/2010)
I work at a company whose clients include pharmacies so several of our applications store PHI (protected health information) and must be "treated with special care" according to HIPAA.I am currently working on an application to audit any PHI access. That is, any time a stored procedure returns PHI to the application, I'll have to enter a log record showing what data was seen, by whom and when.
I'll be using Service Broker to log the accesses, sending encrypted messages, and storing it in a database encrypted with TDE. I'm not sure what the volume will be yet but it seems like a good idea to send the SSB messages as binary to reduce the size.
------------------------------------------------------
Katherine
How is that going to work when a DBA or developer or process is doing bulk historical reporting, or investigating/troubleshooting to find patterns (selecting millions of rows to let a human spot patterns)?