Hippa requires that the actual party info (person and contactmech) be in
a seperate location with its own db.
this means the code to run those functions but also be located on a
seperate server. Now I am not sure if multitenant would be able to be
used, if so, then the entities for person and contact mech must be in a
seperate db and not avalible from other dB's.
this means that the login, currently used, would have to use a seperate
creditials that are ambiguous.
you could use the partyID and loginID concatenated but hippa requires
the person have control and can deactivated correlation to the party
info and the stored data about the party.
this is accomplished by a Key that is part of the login and is stored in
the login entity. The party can remove this key which does not allow
anyone to connnect the data stored with party.
so something to think about as we go forward with security.
=========================
BJ Freeman
Strategic Power Office with Supplier Automation
<http://www.businessesnetwork.com/automation/viewforum.php?f=52>
Specialtymarket.com <http://www.specialtymarket.com/>
Systems Integrator-- Glad to Assist
Chat Y! messenger: bjfr33man