Hippa requires that the actual party info (person and contactmech) be in a seperate location with its own db. this means the code to run those functions but also be located on a seperate server. Now I am not sure if multitenant would be able to be used, if so, then the entities for person and contact mech must be in a seperate db and not avalible from other dB's.

this means that the login, currently used, would have to use a seperate creditials that are ambiguous. you could use the partyID and loginID concatenated but hippa requires the person have control and can deactivated correlation to the party info and the stored data about the party. this is accomplished by a Key that is part of the login and is stored in the login entity. The party can remove this key which does not allow anyone to connnect the data stored with party.

so something to think about as we go forward with security.

=========================
BJ Freeman
Strategic Power Office with Supplier Automation  
<http://www.businessesnetwork.com/automation/viewforum.php?f=52>
Specialtymarket.com  <http://www.specialtymarket.com/>
Systems Integrator-- Glad to Assist

Chat  Y! messenger: bjfr33man

Reply via email to