[EMAIL PROTECTED] wrote:
> Hi,
>
> I'm taking a database class and we are given open ended discussion questions
> each week. The question this week is:
>
> "Will MySQL take away market share from popular DBMSs? Will your comments
> change if you are told that MySQL is not HIPPAA compliant?"

I'm not a HIPPA consultant, nor a lawyer, but have worked in the healthcare industry in the past (before I joined MySQL), so I have _some_ experience, but don't take this as a legal consultation ;)

As far as I know, a _Database_Product_ can't be declared HIPPA-compliant, although features _in_ a database can help ease the route to compliance. Medical Records Software in combination with an organization and its processes have to be compliant (and it's based on process just as much as product).

For example, besides containing regulations concerning technology for software that deals with artifacts that fall under HIPPA (but does not mandate _which_ technology to use), there are regulations about _physical_ security (i.e. who has access to the file cabinet, the server room, the fax machine, etc), administrative safeguards, as well as codification standards (ICD9's and the like, as well as other "Portability" issues, which is one of the "P"s in HIPPA) and any number of regulations that are outside the scope of database and/or middleware software.

>
> I have been using MySQL for well over 3 years, and other databases for well
> over 10 years (professionally, as a coder....bout time I took a class eh?)
> and I do think I have an informed opinion for the first part.
>
> I'm weak in the area of HIPAA compliance though. I know it basically centers
> around privacy. I know it covers things like adequate logging, encrypted
> connections, etc, but it also seems to include a lot of EDI interoperability.
> Now that seems to be something that should be handled at an application
> level and MySQL shouldn't be penalized because of this. From the searching
> I have done, it appears that MSSQL for example offers this mandatory feature
> via their Biztalk server (to handle all the EDI)
>
> There are all manner of sites that will discuss HIPAA compliance for a fee.
> Is anyone here familiar with this that could provide a reference or a simple
> summary. It seems an interesting and important topic that I thought the list
> might be interested.

Try Health and Human Service's Website

http://aspe.hhs.gov/admnsimp/bannertx.htm

-Mark

--
Mark Matthews
MySQL AB, Software Development Manager - Connectivity
www.mysql.com