HIPAA Compliant Server


rinshadka_2445
Hi,

I have an instance in Amazon EC2 and need to be HIPAA compliant. I have a few doubts:

1. Do I need to do block-level encryption of the database storage?
2. Do I need to encrypt sensitive data before storing it in the database?
3. What is the best database software to handle the encryption and Big Data?

Any help will be highly appreciated.

Thank You.
Rudyx - the Doctor
As for the 'encryption', since this needs to meet the HIPAA requirements, have you met with the Healthcare provider's administrative and legal staff?

Now a few questions ...

What 'version' of SQL Server are you using?

What 'edition' of SQL Server are you using?

Are you considering 'encryption' at the:
- operating system level
- database
- table
- column

As for database backups - do they need to be 'encrypted' at rest?

Regards
Rudy Komacsar
Senior Database Administrator

"Ave Caesar! - Morituri te salutamus."
Evil Kraig F
rinshadka_2445 (6/11/2014) wrote:
> Hi,
>
> I have an instance in Amazon EC2 and need to be HIPAA compliant. I have a few doubts:
>
> 1. Do I need to do block-level encryption of the database storage?
> 2. Do I need to encrypt sensitive data before storing it in the database?
> 3. What is the best database software to handle the encryption and Big Data?
>
> Any help will be highly appreciated.
>
> Thank You.


HIPAA compliance is less technical rules and more accessibility rules. It's privacy of data and identification as to who you are vs. what others may need to know.

You're starting too deep. What you need to do is talk to legal with your manager and find out what they need and if there are any holes in your current environment. Then you decide what to do with it. HIPAA is too intricate a topic to ask for forum help from a bunch of semi-anonymous people about.


- Craig Farrell

Never stop learning, even if it hurts. Ego bruises are practically mandatory as you learn unless you've never risked enough to make a mistake.

Twitter: @AnyWayDBA
EdVassie
I agree with Craig.

You need to know the requirements, not try to guess them. Your guesses may be right, but if they are wrong you can easily spend time doing something that is not necessary, or missing something that is necessary.

Personally, I would prepare a compliance document. This could identify each requirement as a section heading, followed by a description of the requirement followed by what you have done to satisfy the requirement. This becomes a document that can be audited for completeness, and gives you a base to work from if a requirement changes.

Original author: SQL Server FineBuild 1-click install and best practice configuration of SQL Server 2017, 2016, 2014, 2012, 2008 R2, 2008 and 2005. 14 Mar 2017: now over 40,000 downloads.
Disclaimer: All information provided is a personal opinion that may not match reality.
Quote: When I give food to the poor they call me a saint. When I ask why they are poor they call me a communist. - Archbishop Hélder Câmara