
Mark Matthews wrote:

[snip]
> For example, besides containing regulations concerning technology for
> software that deals with artifacts that fall under HIPPA (but does not
> mandate _which_ technology to use), there are regulations about
> _physical_ security (i.e. who has access to the file cabinet, the server
> room, the fax machine, etc), administrative safeguards, as well as
> codification standards (ICD9's and the like, as well as other
> "Portability" issues, which is one of the "P"s in HIPPA) and any number
[snip]

Sorry, that should've been _the_ "P" in _HIPAA_ ;)

Finally managed to dig up the technology requirements from H&HS at
http://www.cms.hhs.gov/hipaa/hipaa2/regulations/security/nprm/sec14.asp

And of course, given these, a solution built on top of MySQL _can_ be
HIPAA-compliant (given that you meet the non-technology-related
regulations as well, which are probably harder to deal with). Of course,
these requirements apply to the system as a _whole_, but MySQL by itself
also meets the requirements.

> Requirement
> --------------
> Access control (The following implementation feature must be implemented: 
> Procedure for emergency access. In addition, at least one of the following 
> three implementation features must be implemented: Context-based access, 
> Role-based access, User-based access. The use of Encryption is optional).

There's emergency-based access, as well as user-based access in MySQL.
One can also, if they so desire, use encryption.

> Audit controls

You can enable MySQL to create audit logs, recording every query issued
by any user and the time at which that query happened.

> Authorization control (At least one of the listed implementation features 
> must be implemented).
>       
> 
> Role-based access.
> User-based access.

MySQL has User-based access.

> Data Authentication (HIPAA's definition is "The corroboration that data has 
> not been altered or destroyed in an unauthorized manner. Examples of how data 
> corroboration may be assured include the use of a check sum, double keying, a 
> message authentication code, or digital signature.")

MySQL has cryptographic hashing functionality which meets this requirement.


> Entity authentication (The following implementation features must be 
> implemented: Automatic logoff, Unique user identification. In addition, at 
> least one of the other listed implementation features must be implemented).
>       
> 
> Automatic logoff.
> Biometric.
> Password.
> PIN.
> Telephone callback.
> Token.
> Unique user identification.

MySQL has automatic log-off capabilities (connection timeouts), as well
as unique user identification, and has passwords.

        -Mark


-- 
Mark Matthews
MySQL AB, Software Development Manager - Connectivity
www.mysql.com
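The MySQL features the mail above maps onto each HIPAA item, written out as the statements an administrator would actually run. This is an added editorial example, not code from Mark's mail or from MySQL AB; the schema and table names (phi_app, phi_audit, patient_note, note_digest), the account names, the 15-minute timeout and the version notes in the comments are assumptions made for illustration. One caveat a practitioner would add to the data-authentication item: a digest stored in the same row, writable by the same account, only catches accidental corruption, so the example keeps digests in an append-only table that the application account can insert into but not update or delete, and says where a keyed MAC would still be needed.

```sql
-- Added editorial example, not code from the mail or from MySQL AB.
-- Schema, table and account names are assumptions for illustration.
-- Version notes: SHA2() needs MySQL 5.5+, the general_log/log_output
-- variables and the mysql.general_log table 5.1+, ACCOUNT LOCK 5.7+.
-- On the 4.1/5.0 servers of this mail's era the same things are done
-- with SHA1()/MD5(), the --log option in my.cnf, and a break-glass
-- password that nobody holds until the emergency procedure releases it.

-- Entity authentication: unique user identification plus a password.
-- One account per person and per source network, never a shared login.
CREATE USER 'jdoe'@'10.0.0.%' IDENTIFIED BY 'a-long-random-passphrase';

-- Authorization / access control: user-based, least privilege on the
-- table that holds protected health information.
GRANT SELECT, INSERT, UPDATE ON phi_app.patient_note TO 'jdoe'@'10.0.0.%';

-- Emergency-access procedure: a break-glass account that exists but is
-- locked. Unlocking it is the documented emergency step, and every
-- statement it issues shows up in the audit log configured below.
CREATE USER 'breakglass'@'localhost' IDENTIFIED BY 'kept-in-a-sealed-envelope'
  ACCOUNT LOCK;
GRANT ALL ON phi_app.* TO 'breakglass'@'localhost';
-- ALTER USER 'breakglass'@'localhost' ACCOUNT UNLOCK;   -- the emergency step

-- Automatic logoff: drop sessions idle for more than 15 minutes
-- (assumed value; interactive_timeout covers the mysql client).
SET GLOBAL wait_timeout = 900;
SET GLOBAL interactive_timeout = 900;

-- Audit controls: log every statement, with user, host and time, to a
-- table, then review what the break-glass account did.
SET GLOBAL log_output = 'TABLE';
SET GLOBAL general_log = 'ON';
SELECT event_time, user_host, command_type, argument
  FROM mysql.general_log
 WHERE user_host LIKE 'breakglass%'
 ORDER BY event_time DESC;

-- Data authentication: a digest per row version, kept in a table the
-- application account can append to but never rewrite. This is
-- tamper-evident against that account; against anyone with DBA rights
-- a MAC keyed outside the database is needed, as the HIPAA definition
-- itself lists.
CREATE TABLE phi_audit.note_digest (
  note_id    INT UNSIGNED NOT NULL,
  version    INT UNSIGNED NOT NULL,
  digest     CHAR(64)     NOT NULL,                     -- hex SHA-256
  logged_at  TIMESTAMP    NOT NULL DEFAULT CURRENT_TIMESTAMP,
  PRIMARY KEY (note_id, version)
);
GRANT SELECT, INSERT ON phi_audit.note_digest TO 'jdoe'@'10.0.0.%';

-- Record a digest when a note is written. Binding the id into the hash
-- keeps a body from being swapped between two rows undetected.
INSERT INTO phi_audit.note_digest (note_id, version, digest)
SELECT note_id, 1, SHA2(CONCAT(note_id, '|', body), 256)
  FROM phi_app.patient_note
 WHERE note_id = 42;

-- Integrity check: notes whose current body no longer matches the
-- latest recorded digest.
SELECT n.note_id
  FROM phi_app.patient_note AS n
  JOIN phi_audit.note_digest AS d ON d.note_id = n.note_id
 WHERE d.version = (SELECT MAX(version) FROM phi_audit.note_digest
                     WHERE note_id = n.note_id)
   AND d.digest <> SHA2(CONCAT(n.note_id, '|', n.body), 256);
```

Run the check as a scheduled job under an account that has only SELECT on both tables, so the checker itself cannot quietly "repair" a digest to match a changed row.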

-- 
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql